Pests of all kinds and how to fight them: backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can only be started in safe mode (Windows 7) |
27.07.2013, 18:09 | #1 |
| hi, I have a problem: this virus was identified, backdoor.WIN32.ZAccess.mbs. Since it was disinfected I can only start Windows in safe mode, nothing else is possible -.- Logs etc.: no idea whether I can create them, I will give it a try. Unfortunately I don't know how long it will keep running safe mode; I am using the laptop with it right now, with network drivers -.-* Edited by saufbiene (27.07.2013 at 19:03) |
27.07.2013, 18:15 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
27.07.2013, 18:32 | #3 |
| here is the FRST log
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04 Ran by Rolf (administrator) on 27-07-2013 19:17:59 Running from C:\Users\Rolf\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Rolf\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup [x] HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] () HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Rolf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKCU\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-01-02] (coolspot AG, Düsseldorf) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink) HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [x] HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Rolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {CCD070F4-F55B-4DAD-AB73-CB473677714E} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler: msdaipp - No CLSID Value - Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be 
"%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{3CD1F7EC-0802-45A4-AFC1-73A4D005F5B9}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{75BC5AA5-7F30-41CC-B2FA-80D600FCEF44}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{83AAB742-4324-4A41-B1E3-9AC77F1D09A4}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{B571EA15-83F6-456F-A557-A15763023944}: [NameServer]193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: torntv - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\torntv@torntv.com.xpi FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF 
Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom) CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Turn Off the Lights) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.12_0 CHR Extension: (convert2mp3.net Online Video Converter) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhklmhadmpdfcgimodhdapodbllnjjll\1.7_0 CHR Extension: (YouTube) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Cake Mania Main Street) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohogdkongdgejlnndnnhamjgfnbfoon\0.1_0 CHR Extension: (Fruit Ninja HD) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceieijcdaiaaflfpnfbeclgnfbhglkde\1.0.0_0 CHR Extension: (Comics and Manga online) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmidfbpiiicmkfimcbcoagpmchgmkpl\1.4.3_0 CHR Extension: (Monster Dash) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0 CHR Extension: (Search by Image (by Google)) - C:\Users\Rolf\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0 CHR Extension: (TinEye Reverse Image Search) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0 CHR Extension: (Content Blocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_1 CHR Extension: (Cake Mania) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckjnbilaljpiclmpmnomoapakjmoapj\0.1_0 CHR Extension: (SparkChess 6) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.1.0.1_0 CHR Extension: (Sand 2) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.1_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0 CHR Extension: (YouTube Unblocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0 CHR Extension: (Anti-Banner) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0 CHR Extension: (LoL Guides) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcpejbpddihleognngdlmbnpgoaolgl\2.2.6.3_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Rolf\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-28] () S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH) S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.) 
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-02] (TuneUp Software) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software) S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) S2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10) ==================== Drivers (Whitelisted) ==================== S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH) S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software) S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== Error(0) reading file: "C:\Windows\system32\ " 2013-07-27 19:17 - 2013-07-27 19:17 - 01780815 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64 (1).exe 2013-07-27 19:17 - 2013-07-27 19:17 - 00000000 ___DC C:\FRST 2013-07-27 18:31 - 2013-07-27 18:32 - 00000005 ____C C:\Users\Rolf\AppData\Roaming\mbam.context.scan 2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent 2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent 2013-07-27 17:21 - 2013-07-27 17:21 - 72114856 ____C (Ashampoo GmbH & Co. KG ) C:\Users\Rolf\Downloads\ashampoo_burning_studio_elements_10.0.9_sm.exe 2013-07-27 17:00 - 2013-07-27 17:00 - 00001883 ____C C:\Users\Public\Desktop\MyKeyFinder.lnk 2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft 2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder 2013-07-27 16:59 - 2013-07-27 16:59 - 02962000 ____C (Abelssoft ) C:\Users\Rolf\Downloads\mykeyfinder.exe 2013-07-26 22:01 - 2013-07-26 22:01 - 00000000 ___DC C:\Users\Rolf\Documents\MAGIX 2013-07-26 21:07 - 2013-07-26 21:07 - 00666633 ____C C:\Users\Rolf\Downloads\adwcleaner.exe 2013-07-26 20:39 - 2013-07-26 20:40 - 05093969 ____C (Swearware) C:\Users\Rolf\Downloads\ComboFix.exe 2013-07-25 20:55 - 2013-07-25 20:55 - 01779761 ____C (Farbar) C:\Users\Rolf\Downloads\FRST64.exe 2013-07-25 15:53 - 2013-07-27 19:03 - 00001742 ____C C:\Windows\PFRO.log 2013-07-24 23:52 - 2013-07-24 23:53 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip 2013-07-24 23:52 - 2013-07-24 23:52 - 
00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip 2013-07-24 18:40 - 2013-07-24 18:40 - 00957248 ____C (DivX, LLC) C:\Users\Rolf\Downloads\DivXInstaller.exe 2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player 2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END 2013-07-24 18:39 - 2013-07-24 18:40 - 06328694 ____C (ac3directshowfilter.com ) C:\Users\Rolf\Downloads\ac3player_setup.exe 2013-07-24 18:33 - 2013-07-24 18:33 - 15730048 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Full.exe 2013-07-24 18:30 - 2013-07-24 18:30 - 00000000 ___DC C:\Windows\SysWOW64\Adobe 2013-07-24 18:26 - 2013-07-24 18:28 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe 2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip 2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip 2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip 2013-07-24 17:02 - 2013-07-24 17:03 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar 2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip 2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt 2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT 2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe 2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip 2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk 2013-07-23 23:13 - 2013-07-24 14:54 - 00000000 ___DC C:\Windows\erdnt 2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm 2013-07-23 22:52 - 2013-07-23 
22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files 2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics 2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations 2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner 2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe 2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-23 17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4 2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4 2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe 2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games 2013-07-21 12:21 - 2013-07-21 12:26 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4 2013-07-20 20:13 - 2013-07-20 20:18 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy 2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-07-20 18:16 - 2013-07-20 18:34 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar 2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip 2013-07-20 17:43 - 2013-07-20 17:48 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip 2013-07-20 17:24 - 2013-07-20 17:25 - 36271144 ____C (Safer-Networking Ltd. 
) C:\Users\Rolf\Downloads\spybot-2.1.exe 2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp 2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate 2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-20 15:33 - 2013-07-20 15:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-20 15:33 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4 2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4 2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4 2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) 
C:\Users\Rolf\Downloads\SkypeSetup.exe 2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe 2013-07-19 19:04 - 2013-07-19 19:05 - 00000000 ___DC C:\Users\Rolf\Downloads\93655 2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx 2013-07-19 18:46 - 2013-07-19 18:47 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4 2013-07-19 18:17 - 2013-07-19 18:57 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar 2013-07-19 12:44 - 2013-07-19 12:51 - 00000000 ___DC C:\Windows\system32\MRT 2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx 2013-07-18 03:02 - 2013-07-18 03:01 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe 2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity 2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk 2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin 2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe 2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity 2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe 2013-07-16 20:18 - 2013-07-16 20:19 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe 2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt 2013-07-16 17:48 - 2013-07-16 17:49 - 00000098 ____C C:\Windows\DeleteOnReboot.bat 2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx 2013-07-16 14:14 - 2013-07-16 14:15 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder 2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C 
C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip 2013-07-14 22:35 - 2013-07-14 22:40 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip 2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe 2013-07-14 20:10 - 2013-07-14 20:13 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar 2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar 2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip 2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe 2013-07-13 15:12 - 2013-07-24 18:08 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft 2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games 2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} 2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games 2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2 2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish 2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty 2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk 2013-07-11 00:49 - 2013-07-11 00:50 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02877440 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 00:49 - 2013-07-11 00:50 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 00:49 - 2013-07-11 00:50 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 00:49 - 2013-07-11 00:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 00:49 - 2013-07-11 00:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 00:23 - 2013-07-11 00:50 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 00:23 - 2013-07-11 00:50 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 00:23 - 2013-07-11 00:50 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 00:23 - 2013-07-11 00:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 00:23 - 2013-07-11 00:38 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 00:22 - 2013-07-11 00:31 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 00:22 - 2013-07-11 00:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 17:58 - 2013-07-10 17:59 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_ 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage 2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC 
C:\Program Files\FileViewPro 2013-07-10 14:41 - 2013-07-11 00:31 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor 2013-07-10 14:40 - 2013-07-10 14:39 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe 2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft 2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd. ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects 2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group 2013-07-08 21:42 - 2013-07-08 21:43 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool 2013-07-08 21:41 - 2013-07-08 21:42 - 00000000 ___DC C:\Program Files (x86)\JCrypTool 2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2 2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2 2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex 2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt 2013-07-04 20:44 - 2013-07-27 00:15 - 00000049 ____C C:\Windows\NeroDigital.ini 2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk 2013-07-03 18:25 - 2013-07-03 18:27 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA 2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) 
C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe 2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html 2013-06-30 13:11 - 2013-07-06 15:37 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u 2013-06-30 12:10 - 2013-06-30 12:15 - 00000000 ___DC C:\ProgramData\BlueStacksSetup 2013-06-29 00:31 - 2013-07-16 16:51 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5 2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub 2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest 2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-27 23:19 - 2013-06-27 23:58 - 00000000 ___DC C:\Program Files (x86)\GetFLV 2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\CrypTool 2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2013-06-27 20:19 - 2013-06-27 20:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-06-27 20:15 - 2013-06-27 20:19 - 00001080 ____C C:\Users\Public\Desktop\WinRAR.lnk 2013-06-27 15:59 - 2013-06-27 
15:59 - 00002964 ____C C:\Windows\System32\Tasks\{06B7682F-68DE-4311-AE8C-3E50085DAD4F} 2013-06-27 15:58 - 2013-06-27 15:58 - 00002964 ____C C:\Windows\System32\Tasks\{49961235-AB9F-459D-869D-053562B45939} ==================== One Month Modified Files and Folders ======= 2013-07-27 19:18 - 2011-11-04 20:56 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Skype 2013-07-27 19:17 - 2013-07-27 19:17 - 01780815 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64 (1).exe 2013-07-27 19:17 - 2013-07-27 19:17 - 00000000 ___DC C:\FRST 2013-07-27 19:06 - 2011-01-23 15:15 - 01544281 ____C C:\Windows\WindowsUpdate.log 2013-07-27 19:03 - 2013-07-25 15:53 - 00001742 ____C C:\Windows\PFRO.log 2013-07-27 18:39 - 2013-06-10 13:43 - 00458752 ____C C:\Windows\system32\Ikeext.etl 2013-07-27 18:32 - 2013-07-27 18:31 - 00000005 ____C C:\Users\Rolf\AppData\Roaming\mbam.context.scan 2013-07-27 18:26 - 2009-07-14 01:19 - 00328704 ____C (Microsoft Corporation) C:\Windows\system32\services.exe 2013-07-27 18:17 - 2013-03-20 23:42 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\BitTorrent 2013-07-27 18:16 - 2012-07-02 19:38 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrashDumps 2013-07-27 18:13 - 2012-04-08 12:37 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent 2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent 2013-07-27 17:21 - 2013-07-27 17:21 - 72114856 ____C (Ashampoo GmbH & Co. 
KG ) C:\Users\Rolf\Downloads\ashampoo_burning_studio_elements_10.0.9_sm.exe 2013-07-27 17:11 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\tracing 2013-07-27 17:00 - 2013-07-27 17:00 - 00001883 ____C C:\Users\Public\Desktop\MyKeyFinder.lnk 2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft 2013-07-27 17:00 - 2013-07-27 17:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder 2013-07-27 16:59 - 2013-07-27 16:59 - 02962000 ____C (Abelssoft ) C:\Users\Rolf\Downloads\mykeyfinder.exe 2013-07-27 16:23 - 2012-07-22 16:21 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2013-07-27 02:22 - 2012-10-22 23:07 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\TS3Client 2013-07-27 02:00 - 2011-01-23 18:34 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Adobe 2013-07-27 01:46 - 2013-03-16 19:34 - 00000000 ___DC C:\ProgramData\firebird 2013-07-27 00:15 - 2013-07-04 20:44 - 00000049 ____C C:\Windows\NeroDigital.ini 2013-07-26 22:01 - 2013-07-26 22:01 - 00000000 ___DC C:\Users\Rolf\Documents\MAGIX 2013-07-26 21:46 - 2011-01-23 15:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00} 2013-07-26 21:07 - 2013-07-26 21:07 - 00666633 ____C C:\Users\Rolf\Downloads\adwcleaner.exe 2013-07-26 20:40 - 2013-07-26 20:39 - 05093969 ____C (Swearware) C:\Users\Rolf\Downloads\ComboFix.exe 2013-07-26 20:09 - 2010-05-12 10:18 - 04754074 ____C C:\Windows\system32\perfh007.dat 2013-07-26 20:09 - 2010-05-12 10:18 - 01447222 ____C C:\Windows\system32\perfc007.dat 2013-07-26 20:09 - 2009-07-14 07:13 - 00006508 ____C C:\Windows\system32\PerfStringBackup.INI 2013-07-25 20:55 - 2013-07-25 20:55 - 01779761 ____C (Farbar) C:\Users\Rolf\Downloads\FRST64.exe 2013-07-25 16:29 - 2011-11-05 20:53 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PMB Files 2013-07-25 16:07 - 2009-07-14 06:45 - 00009888 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-25 16:07 - 
2009-07-14 06:45 - 00009888 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-25 15:59 - 2012-07-05 23:22 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Dropbox 2013-07-25 15:54 - 2012-04-13 16:39 - 00060926 ____C C:\Windows\setupact.log 2013-07-25 15:54 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2013-07-25 15:53 - 2012-11-09 17:09 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-25 07:32 - 2013-03-24 14:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\vlc 2013-07-25 04:08 - 2012-12-12 20:13 - 00000000 __RDC C:\Program Files (x86)\Skype 2013-07-25 04:08 - 2012-07-06 15:53 - 00000000 __RDC C:\Users\Rolf\Dropbox 2013-07-25 04:08 - 2011-11-04 20:55 - 00000000 ___DC C:\ProgramData\Skype 2013-07-24 23:53 - 2013-07-24 23:52 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip 2013-07-24 23:52 - 2013-07-24 23:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip 2013-07-24 22:52 - 2012-03-05 21:07 - 00000000 __RDC C:\Users\Rolf\Desktop\Dj Musik 2013-07-24 18:42 - 2013-03-01 02:16 - 00001614 ____C C:\Users\Rolf\Desktop\DivX Movies.lnk 2013-07-24 18:42 - 2013-03-01 02:11 - 00000000 ___DC C:\Program Files (x86)\DivX 2013-07-24 18:42 - 2013-03-01 02:10 - 00000000 ___DC C:\ProgramData\DivX 2013-07-24 18:40 - 2013-07-24 18:40 - 00957248 ____C (DivX, LLC) C:\Users\Rolf\Downloads\DivXInstaller.exe 2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player 2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END 2013-07-24 18:40 - 2013-07-24 18:39 - 06328694 ____C (ac3directshowfilter.com ) C:\Users\Rolf\Downloads\ac3player_setup.exe 2013-07-24 18:33 - 2013-07-24 18:33 - 15730048 ____C (Adobe Systems Inc.) 
C:\Users\Rolf\Downloads\Shockwave_Installer_Full.exe 2013-07-24 18:30 - 2013-07-24 18:30 - 00000000 ___DC C:\Windows\SysWOW64\Adobe 2013-07-24 18:30 - 2010-11-02 11:41 - 00000000 ___DC C:\Windows\SysWOW64\Macromed 2013-07-24 18:28 - 2013-07-24 18:26 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe 2013-07-24 18:08 - 2013-07-13 15:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft 2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip 2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip 2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip 2013-07-24 17:03 - 2013-07-24 17:02 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar 2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip 2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt 2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT 2013-07-24 14:54 - 2013-07-23 23:13 - 00000000 ___DC C:\Windows\erdnt 2013-07-24 14:43 - 2012-11-09 17:10 - 00001111 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-07-24 14:43 - 2011-01-27 10:56 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe 2013-07-24 14:30 - 2010-10-13 12:37 - 00000000 ___DC C:\Program Files\Java 2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip 2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk 2013-07-24 00:02 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default 2013-07-23 23:46 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini 2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung 
des antiviren programs - Trojaner-Board.htm 2013-07-23 22:52 - 2013-07-23 22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files 2013-07-23 22:44 - 2013-06-26 17:09 - 00000000 ___DC C:\Program Files (x86)\Plus-HD-1.6 2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics 2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations 2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner 2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe 2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-23 19:14 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system32\NDF 2013-07-23 17:53 - 2013-04-28 14:43 - 00000000 ___DC C:\Users\Rolf\Desktop\sound fx daten 2013-07-23 17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4 2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4 2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) 
C:\Users\Rolf\Downloads\SpyHunter-Installer.exe 2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games 2013-07-21 12:26 - 2013-07-21 12:21 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4 2013-07-20 20:18 - 2013-07-20 20:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy 2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-07-20 19:51 - 2011-10-25 19:43 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\WinRAR 2013-07-20 18:34 - 2013-07-20 18:16 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar 2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip 2013-07-20 17:48 - 2013-07-20 17:43 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip 2013-07-20 17:25 - 2013-07-20 17:24 - 36271144 ____C (Safer-Networking Ltd. 
) C:\Users\Rolf\Downloads\spybot-2.1.exe 2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp 2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate 2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-20 15:33 - 2013-07-20 15:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4 2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4 2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4 2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe 2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe 2013-07-19 19:05 - 2013-07-19 19:04 - 00000000 ___DC C:\Users\Rolf\Downloads\93655 2013-07-19 18:57 - 2013-07-19 18:17 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar 2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx 2013-07-19 18:47 - 2013-07-19 18:46 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4 2013-07-19 12:51 - 2013-07-19 12:44 - 00000000 ___DC C:\Windows\system32\MRT 2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx 2013-07-18 03:01 - 2013-07-18 03:02 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe 2013-07-18 02:59 - 2013-04-28 14:43 - 00000000 ___DC C:\Users\Rolf\Desktop\tevion usb stick daten 2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC 
C:\Users\Rolf\AppData\Roaming\Unity 2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk 2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin 2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe 2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity 2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe 2013-07-16 20:19 - 2013-07-16 20:18 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe 2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt 2013-07-16 17:49 - 2013-07-16 17:48 - 00000098 ____C C:\Windows\DeleteOnReboot.bat 2013-07-16 16:51 - 2013-06-29 00:31 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini 2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx 2013-07-16 15:51 - 2011-01-23 15:21 - 00000000 ___DC C:\Users\Rolf\AppData\Local\VirtualStore 2013-07-16 14:15 - 2013-07-16 14:14 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder 2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip 2013-07-14 22:40 - 2013-07-14 22:35 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip 2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe 2013-07-14 20:13 - 2013-07-14 20:10 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar 2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar 2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip 2013-07-14 19:01 - 2011-12-01 13:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\ObviousIdea 2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C 
C:\Users\Rolf\Downloads\der letzte sommer.exe 2013-07-14 15:31 - 2012-04-08 12:37 - 00692104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-14 15:31 - 2012-04-08 12:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-14 15:31 - 2011-07-28 16:06 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-14 14:48 - 2011-01-23 15:18 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-14 14:48 - 2011-01-23 15:18 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-13 09:57 - 2011-01-23 15:18 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 09:57 - 2011-01-23 15:18 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-13 03:18 - 2011-10-29 23:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PlayFirst 2013-07-13 03:18 - 2011-10-29 23:19 - 00000000 ___DC C:\ProgramData\PlayFirst 2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games 2013-07-13 03:16 - 2011-09-15 12:22 - 00000000 ___DC C:\Program Files (x86)\Zylom Games 2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} 2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games 2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2 2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish 2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty 2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk 2013-07-11 23:57 - 2012-01-02 21:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Utherverse 2013-07-11 03:20 - 2009-07-14 06:45 - 08769616 ____C C:\Windows\system32\FNTCACHE.DAT 2013-07-11 03:17 - 2013-03-13 20:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight 2013-07-11 03:17 - 2013-03-13 20:55 - 00000000 
___DC C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 03:16 - 2009-07-14 09:45 - 00000000 ___DC C:\Program Files\Windows Journal 2013-07-11 03:16 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\Windows Defender 2013-07-11 03:16 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender 2013-07-11 00:57 - 2009-07-14 04:34 - 00000534 ____C C:\Windows\win.ini 2013-07-11 00:50 - 2013-07-11 00:49 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 00:50 - 2013-07-11 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 00:50 - 2013-07-11 00:49 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00855552 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 00:50 - 2013-07-11 00:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 00:50 - 2013-07-11 00:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 00:50 - 2013-07-11 00:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 00:50 - 2013-07-11 00:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 00:50 - 2013-07-11 00:23 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 00:50 - 2013-07-11 00:23 - 01620480 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 00:50 - 2013-07-11 00:23 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 00:50 - 2013-07-11 00:23 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 00:38 - 2013-07-11 00:23 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 00:31 - 2013-07-11 00:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 00:31 - 2013-07-11 00:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 00:31 - 2013-07-10 14:41 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor 2013-07-10 17:59 - 2013-07-10 17:58 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_ 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage 2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC C:\Program Files\FileViewPro 2013-07-10 14:39 - 2013-07-10 14:40 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe 2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft 2013-07-10 00:38 - 2013-05-04 21:27 - 00001362 ____C C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-07-10 00:38 - 2011-10-09 16:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DVDVideoSoft 2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd. 
) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects 2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group 2013-07-08 21:43 - 2013-07-08 21:42 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool 2013-07-08 21:42 - 2013-07-08 21:41 - 00000000 ___DC C:\Program Files (x86)\JCrypTool 2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2 2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2 2013-07-06 15:37 - 2013-06-30 13:11 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u 2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex 2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt 2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk 2013-07-03 18:27 - 2013-07-03 18:25 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA 2013-07-02 13:33 - 2011-01-23 15:23 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Google 2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) 
C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe 2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html 2013-07-02 01:07 - 2013-06-26 02:02 - 00000000 _SHDC C:\Windows\SysWOW64\AI_RecycleBin 2013-07-02 01:06 - 2013-06-26 02:20 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2013-07-02 01:06 - 2011-10-13 01:25 - 00000000 ___DC C:\AeriaGames 2013-07-02 00:46 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Public\Libraries 2013-06-30 12:15 - 2013-06-30 12:10 - 00000000 ___DC C:\ProgramData\BlueStacksSetup 2013-06-29 19:46 - 2013-03-25 18:31 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\dvdcss 2013-06-29 02:26 - 2012-07-01 17:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5 2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub 2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest 2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe 2013-06-28 20:08 - 2012-12-27 02:42 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PhoenixViewer 2013-06-28 19:17 - 2011-11-10 12:25 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Akamai 2013-06-28 15:14 - 2013-06-28 15:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-28 15:14 - 2013-06-28 15:14 - 00096168 ____C (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 15:14 - 2012-06-20 21:12 - 00867240 ____C (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 15:14 - 2010-07-07 18:34 - 00789416 ____C (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 11:00 - 2012-07-05 23:47 - 00000000 ___DC C:\Program Files\WinRAR
2013-06-28 08:43 - 2013-04-13 23:14 - 00001203 ____C C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-06-27 23:58 - 2013-06-27 23:19 - 00000000 ___DC C:\Program Files (x86)\GetFLV
2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\CrypTool
2013-06-27 20:49 - 2013-06-27 20:49 - 00000000 ___DC C:\Program Files (x86)\CrypTool
2013-06-27 20:19 - 2013-06-27 20:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-06-27 20:19 - 2013-06-27 20:15 - 00001080 ____C C:\Users\Public\Desktop\WinRAR.lnk
2013-06-27 15:59 - 2013-06-27 15:59 - 00002964 ____C C:\Windows\System32\Tasks\{06B7682F-68DE-4311-AE8C-3E50085DAD4F}
2013-06-27 15:58 - 2013-06-27 15:58 - 00002964 ____C C:\Windows\System32\Tasks\{49961235-AB9F-459D-869D-053562B45939}
2013-06-27 13:37 - 2010-07-07 18:28 - 00000000 ___DC C:\Program Files (x86)\Adobe
2013-06-27 13:25 - 2005-10-10 19:06 - 00080655 ___HC C:\Users\Rolf\AppData\Roaming\Rolfv1.18.0 - Trial versionlog.dat

ZeroAccess:
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000008.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\000000cb.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000000.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000032.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-07-24 06:37

==================== End Of Log ============================ |
27.07.2013, 21:46 | #4 |
| backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can only be started in safe mode
and here is the addition log
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2013 04 Ran by Rolf at 2013-07-27 19:23:35 Running from C:\Users\Rolf\Desktop Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 4.2.1) AC3 Player version 1.0 (x32 Version: 1.0) AChat 1.17 high detail textures and additional music (x32) Acrobat.com (x32 Version: 1.6.65) Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5) Adobe Acrobat 9.5.5 - CPSID_83708 (x32) Adobe AIR (x32 Version: 3.4.0.2710) Adobe Anchor Service CS4 (x32 Version: 2.0) Adobe Anchor Service x64 CS4 (Version: 2.0) Adobe Asset Services CS4 (x32 Version: 4) Adobe Bridge CS4 (x32 Version: 3) Adobe CMaps CS4 (x32 Version: 2.0) Adobe CMaps x64 CS4 (Version: 2.0) Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0) Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0) Adobe Color JA Extra Settings CS4 (x32 Version: 2.0) Adobe Color NA Extra Settings CS4 (x32 Version: 2.0) Adobe Color Video Profiles CS CS4 (x32 Version: 2.0) Adobe Creative Suite 4 Design Premium (x32 Version: 4.0) Adobe CSI CS4 (x32 Version: 1) Adobe CSI CS4 x64 (Version: 1) Adobe Default Language CS4 (x32 Version: 2.0) Adobe Device Central CS4 (x32 Version: 2) Adobe Dreamweaver CS4 (x32 Version: 10.0) Adobe Dreamweaver CS6 (x32 Version: 12) Adobe Drive CS4 (x32 Version: 1) Adobe Drive CS4 x64 (Version: 1) Adobe Dynamiclink Support (x32 Version: 1) Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0) Adobe Extension Manager CS4 (x32 Version: 2.0) Adobe Fireworks CS4 (x32 Version: 10.0) Adobe Flash CS4 (x32 Version: 10.0) Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0) Adobe Flash CS4 STI-other (x32 Version: 10.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Fonts All (x32 Version: 
2.0) Adobe Fonts All x64 (Version: 2.0) Adobe Help Manager (x32 Version: 4.0.244) Adobe Illustrator CS4 (x32 Version: 14.0) Adobe InDesign CS4 (x32 Version: 6.0) Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0) Adobe InDesign CS4 Common Base Files (x32 Version: 6.0) Adobe InDesign CS4 Icon Handler (x32 Version: 6.0) Adobe InDesign CS4 Icon Handler x64 (Version: 6.0) Adobe Linguistics CS4 (x32 Version: 4.0.0) Adobe Linguistics CS4 x64 (Version: 4.0.0) Adobe Media Encoder CS4 (x32 Version: 1.0) Adobe Media Encoder CS4 Importer (x32 Version: 1.0) Adobe Media Player (x32 Version: 0.0.0) Adobe Media Player (x32 Version: 1.1) Adobe Output Module (x32 Version: 2.0) Adobe PDF Library Files CS4 (x32 Version: 9.0) Adobe PDF Library Files x64 CS4 (Version: 9.0) Adobe Photoshop CS4 (64 Bit) (Version: 11.0) Adobe Photoshop CS4 (x32 Version: 11.0) Adobe Photoshop CS4 Support (x32 Version: 11.0) Adobe Reader XI (11.0.03) (x32 Version: 11.0.03) Adobe Search for Help (x32 Version: 1.0) Adobe Service Manager Extension (x32 Version: 1.0) Adobe Setup (x32 Version: 2.0) Adobe SGM CS4 (x32 Version: 3.0) Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133) Adobe SING CS4 (x32 Version: 2.0) Adobe Type Support CS4 (x32 Version: 9.0) Adobe Type Support x64 CS4 (Version: 9.0) Adobe Update Manager CS4 (x32 Version: 6.0.0) Adobe Version Cue CS4 Server (x32 Version: 4.0) Adobe Widget Browser (x32 Version: 2.0 Build 348) Adobe Widget Browser (x32 Version: 2.0.348) Adobe WinSoft Linguistics Plugin (x32 Version: 1.1) Adobe WinSoft Linguistics Plugin x64 (Version: 1.1) Adobe XMP Panels CS4 (x32 Version: 2.0) AdobeColorCommonSetCMYK (x32 Version: 2.0) AdobeColorCommonSetRGB (x32 Version: 2.0) Advanced Archive Password Recovery (x32 Version: 4.54.48.1338) Advanced RAR Password Recovery (remove only) (x32) AFS-Buchhalter 2009 (x32 Version: 5.00.0000) AFS-Kaufmann V10 (x32 Version: 9.00.0000) AION Free-to-Play Version 1.0 (x32 Version: 1.0) AirXonix version 1.37G (x32) 
Akamai NetSession Interface (HKCU) Akamai NetSession Interface Service (x32) Angry Birds (x32 Version: 3.0.0) Angry Birds Rio (x32 Version: 1.4.2) Angry Birds Seasons (x32 Version: 3.3.0) Angry Birds Space (x32 Version: 1.3.1) Angry Birds Star Wars (x32 Version: 1.1.2) Anti-Twin (Installation 18.07.2013) (x32) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) applicationupdater (HKCU) Ashampoo Burning Studio (x32 Version: 9.23.0) Ashampoo Burning Studio Elements 10.0.9 (x32 Version: 3.1.1) Ashampoo Photo Commander (x32 Version: 8.3.2) Ashampoo Photo Optimizer (x32 Version: 3.12.0) Ashampoo Registry Cleaner v.1.00 (x32 Version: 1.0.0) Ashampoo Snap (x32 Version: 3.4.1) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27) AudibleManager (x32 Version: 2005810414.48.56.32181618) Autodesk Backburner 2013.0.0 (x32 Version: 2013.0.0) AviSynth 2.5 (x32) BitTorrent (x32 Version: 7.8.0.29626) Bonjour (Version: 3.0.0.10) BufferChm (x32 Version: 100.0.170.000) Cake Mania 2 (x32) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) CloneDVD 6.0.0.1 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Connect (x32 Version: 1.0.0.1) Core Temp 1.0 RC4 (Version: 1.0) Corel KPT Collection (x32 Version: 1.0.0.46) Corel KPT Collection (x32 Version: 1.00.0000) Corel PaintShop Pro Brush Content (x32 Version: 1.0.0.39) Corel PaintShop Pro Brush Content (x32 Version: 1.00.0000) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.42) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.44) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.45) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.63) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.64) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.65) Corel PaintShop Pro Misc Content (x32 Version: 
1.0.0.66) Corel PaintShop Pro Misc Content (x32 Version: 1.00.0000) Corel PaintShop Pro Picture Frame Content (x32 Version: 1.0.0.41) Corel PaintShop Pro Picture Frame Content (x32 Version: 1.00.0000) Corel PaintShop Pro Picture Tube Content (x32 Version: 1.0.0.40) Corel PaintShop Pro Picture Tube Content (x32 Version: 1.00.0000) Corel PaintShop Pro X4 (x32 Version: 14.2.0.1) Corel PaintShop Pro X4 (x32 Version: 14.3.0.3) Corel PaintShop Pro X5 (x32 Version: 15.1.0.10) Corel PaintShop Pro X5 (x32 Version: 15.2.0.12) Corel Shell Extension - 64Bit (Version: 14.0) CorelDRAW Essentials 4 - Content (x32 Version: 4.0) CorelDRAW Essentials 4 - Draw (x32 Version: 4.0) CorelDRAW Essentials 4 - Filters (x32 Version: 4.0) CorelDRAW Essentials 4 - ICA (x32 Version: 4.0) CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0) CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0) CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0) CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1) CorelDRAW Essentials 4 - Windows Shell Extension (x32) CorelDRAW Essentials 4 (x32 Version: 4.0) CorelDRAW Essentials 4 (x32) CrypTool 1.4.31 (x32 Version: 1.4.31) CustomerResearchQFolder (x32 Version: 1.00.0000) CyberGhost VPN CyberLink LabelPrint (x32 Version: 2.5.3418) CyberLink MediaShow (x32 Version: 5.0.1410a) CyberLink MediaShow Espresso (x32 Version: 5.5.1412_24021a) CyberLink PhotoNow (x32 Version: 1.1.0.6904) CyberLink Power2Go (x32 Version: 6.1.3802) CyberLink PowerDirector (x32 Version: 8.0.3224a) CyberLink PowerDVD 10 (x32 Version: 10.0.2225) CyberLink PowerDVD Copy (x32 Version: 1.5.1306) CyberLink PowerProducer (x32 Version: 5.0.2.2429) CyberLink YouCam (x32 
Version: 3.1.3428) D3DX10 (x32 Version: 15.4.2368.0902) Deep Exploration (x32 Version: 5.0.4) Deep Publish (x32 Version: 5.0.493) Der Planer 4 Version 1.3 (x32) DesignPro 5 (x32 Version: 5.0.1056) DeviceDiscovery (x32 Version: 100.0.190.000) DeviceManagementQFolder (x32 Version: 1.00.0000) DivX-Setup (x32 Version: 2.6.1.44) Dropbox (HKCU Version: 2.0.22) Dupemaster 1.7.0.1 (x32 Version: 1.7.0.1) ELBA BYTE 2.0 (x32) Fahrtenbuch.de Version 10 (x32) ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0) FileViewPro (Version: 1.5) Filzip 3.06 (x32 Version: 3.0.6) Firebird 2.5.0.26074 (Win32) (x32 Version: 2.5.0.26074) Fotogalerie (x32 Version: 16.4.3505.0912) Fotogalerija (x32 Version: 16.4.3505.0912) Fotogalleriet (x32 Version: 16.4.3505.0912) Fotoğraf Galerisi (x32 Version: 16.4.3505.0912) Fotótár (x32 Version: 16.4.3505.0912) FoxTab PDF Creator (HKCU) Free Audio Dub version 1.7.9.908 (x32 Version: 1.7.9.908) Free Video Call Recorder for Skype version 1.1.0.319 (x32 Version: 1.1.0.319) Free YouTube to MP3 Converter version 3.12.5.628 (x32 Version: 3.12.5.628) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería de fotos (x32 Version: 16.4.3505.0912) Galeria fotografii (x32 Version: 16.4.3505.0912) Galerie de photos (x32 Version: 16.4.3505.0912) Gameforge Live 1.0 "Legend" (x32 Version: 1.0.1717) gamelauncher-ps2-psg (HKCU) gamelauncher-ps2-psg (x86)-Sony (HKCU) G-Force (x32 Version: 4.3.1) GIMP 2.8.4 (Version: 2.8.4) GLC_Player (x32) Google Chrome (x32 Version: 28.0.1500.72) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.153) Haali Media Splitter (x32) HP Color LaserJet 3600 (02/27/2007 61.063.461.41) (Version: 02/27/2007 61.063.461.41) HP Color LaserJet CM1312 MFP Series 5.1 (Version: 5.1) HP Customer Participation Program 10.0 (Version: 10.0) HP Imaging Device Functions 10.0 (Version: 10.0) hppCLJCM1312 (x32 Version: 
005.001.00142) hppFaxDrvCM1312 (x32 Version: 005.000.00001) hppFaxUtilityCM1312 (x32 Version: 005.001.00137) hppFonts (x32 Version: 001.001.00061) hppManualsCM1312 (x32 Version: 005.001.00145) hppQFolderCM1312 (x32 Version: 1.00.0000) hppScanToCM1312 (x32 Version: 005.001.00140) hppSendFaxCM1312 (x32 Version: 005.000.00001) hppusgCM1312 (x32 Version: 1.1.0.1) ICA (x32 Version: 14.2.0.1) ICA (x32 Version: 15.1.0.10) IMVU Avatar Chat Software (HKCU) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014) Internet Explorer (x32 Version: 9) Internet-TV für Windows Media Center (x32 Version: 4.2.2.0) IPM_PSP_COM (x32 Version: 14.2.0.1) IPM_PSP_COM (x32 Version: 15.1.0.10) IsoBuster 3.2 (x32 Version: 3.2) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JCrypTool (x32 Version: 0.9.7) Junk Mail filter update (x32 Version: 16.4.3505.0912) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) KODAK Create@Home Software (für dm) (x32 Version: 7.3.6392) kuler (x32 Version: 2.0) Landwirtschafts-Simulator 2009 Gold (x32) LastChaosGER (x32 Version: 1.00.000) Launch Manager (x32 Version: 1.5.1.2) Lexware Info Service (x32 Version: 2.70.00.0081) Lexware kassenbuch 2007 (x32 Version: 7.00) Light Image Resizer 4.4.1.0 (x32 Version: 4.4.1.0) MagicDisc 2.7.106 (x32) MAGIX Content und Soundpools (x32 Version: 1.0.0.0) MAGIX Speed burnR (MSI) (Version: 7.0.1.27) MAGIX Speed burnR (MSI) (x32 Version: 7.0.1.27) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 100.0.170.000) Mass Effect (x32 Version: 1.00) Mass Effect 2 (x32 Version: 1.02) Medion Home Cinema (x32 Version: 8.0.2213) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET 
Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual 
C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mobile Partner (x32 Version: 11.302.06.07.40) Movie Maker (x32 Version: 16.4.3505.0912) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Firefox Packages (HKCU) Mozilla Maintenance Service (x32 Version: 22.0) MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) MyKeyFinder (x32 Version: 2013) Nero 6 Demo (x32) Network Stumbler 0.4.0 (remove only) (x32) No23 Recorder (x32 Version: 2.1.0.3) NVIDIA PhysX (x32 Version: 9.09.0814) ONAIR 4.0.0.855 Opera 12.15 (x32 Version: 12.15.1748) Opera Next 15.0.1147.100 (x32 Version: 15.0.1147.100) Origin (x32 Version: 9.1.12.73) Overwolf (x32 Version: 0.41.236) Pando Media Booster (x32 Version: 2.3.6.0) PDF Settings CS4 (x32 Version: 9.0) PDFCreator (x32 Version: 1.6.0) Personal ID (x32 Version: 1.8.5.202) Phoenix Viewer 1.6.0.1691 (x32) Photo Common (x32 Version: 16.4.3505.0912) Photo Gallery (x32 Version: 16.4.3505.0912) Photoshop Camera Raw (x32 Version: 5.0) Photoshop Camera Raw_x64 (Version: 5.0) Pixel Bender Toolkit (x32 Version: 1.0) PlanetSide 2 (HKCU Version: 1.0.3.181) PlayReady PC Runtime amd64 (Version: 1.3.0) Poczta usługi Windows Live (x32 Version: 16.4.3505.0912) Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912) Pokki (HKCU Version: 0.260.6.332) Pošta Windows Live (x32 Version: 16.4.3505.0912) Power MP3 WMA Converter 2011, (ver 6.1) (x32 Version: 6.1) PSPPContent (x32 Version: 14.3.0.2) PSPPContent (x32 Version: 15.2.0.12) PSPPHelp (x32 Version: 14.2.0.1) PSPPHelp (x32 Version: 15.1.0.10) PSPPro64 (Version: 14.2.0.1) PSPPro64 (Version: 15.1.0.10) pTool 2.0 (Beta 9 - Build 5151.1) (Version: 
2.0.5151.1) QuickTime (x32 Version: 7.73.80.64) Raccolta foto (x32 Version: 16.4.3505.0912) RAR Password Recovery v1.1 RC16 (remove only) (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6237) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121) REALTEK Wireless LAN Driver (x32 Version: 1.00.0148) Registry Repair 4.1.0.388 (x32 Version: 4.1.0.388) Remote Mouse version 1.09 (x32 Version: 1.09) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0) Revo Uninstaller 1.94 (x32 Version: 1.94) RollerCoaster Tycoon 3 (x32 Version: 1.00.000) Safari (x32 Version: 5.34.55.3) SAM3 (remove only) (x32) Samplitude Music Studio 2013 (Demo projects) (Version: 1.0.0.0) Samplitude Music Studio 2013 (Demo projects) (x32 Version: 1.0.0.0) Samplitude Music Studio 2013 (Independence) (Version: 1.1.0.0) Samplitude Music Studio 2013 (Independence) (x32 Version: 1.1.0.0) Samplitude Music Studio 2013 (Introductory videos) (Version: 1.0.0.0) Samplitude Music Studio 2013 (Introductory videos) (x32 Version: 1.0.0.0) Samplitude Music Studio 2013 (Object synthesizers) (Version: 1.0.0.0) Samplitude Music Studio 2013 (Object synthesizers) (x32 Version: 1.0.0.0) Samplitude Music Studio 2013 (Solo Jam-Session & Easy-Recording Content) (Version: 1.0.0.0) Samplitude Music Studio 2013 (Solo Jam-Session & Easy-Recording Content) (x32 Version: 1.0.0.0) Samplitude Music Studio 2013 (Version: 19.0.1.18) Samplitude Music Studio 2013 (x32 Version: 19.0.1.18) Samplitude Music Studio 2013 Soundpools (Version: 1.0.0.0) SecondLifeViewer (remove only) (x32) Secret City (x32 Version: 1.9.4152) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005) Setup (x32 Version: 14.2.0.1) Setup (x32 Version: 15.1.0.10) SHOUTcast Source DSP Plug-in v2 (x32 Version: 2.3.2) SimCity 4 Deluxe (x32) Skype™ 6.6 (x32 Version: 6.6.106) Spotify (HKCU Version: 0.8.5.1333.g822e0de8) StarMoney (x32 Version: 2.0) StarMoney Business 4.0 Deutsche Bank Edition (x32 Version: 4.0) streamWriter (x32) 
Suite Shared Configuration CS4 (x32 Version: 1.0) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 14.0.19.0) System Requirements Lab for Intel (x32 Version: 4.5.11.0) TeamSpeak 3 Client (x32 Version: 3.0.10.1) TERA (x32 Version: 19.04.02.03.hf3) The Void (x32) TrayApp (x32 Version: 100.0.170.000) Tunatic (x32) TuneUp Utilities (x32 Version: 9.0.6030.1) TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Valokuvavalikoima (x32 Version: 16.4.3505.0912) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Versandhelfer (x32 Version: 0.9.511) Virtual DJ Pro Full - Atomix Productions (x32) Vita 2 (Version: 1.0.0.0) Vita 2 Zusatzcontent (Version: 1.0.0.0) Vita Bass Machine (Version: 1.0.0.0) Vita Rock Drums (Version: 1.0.0.0) Vita String Ensemble (Version: 1.0.0.0) Vita World Percussion (Version: 1.0.0.0) VLC media player 2.0.7 (Version: 2.0.7) VobSub v2.23 (Remove Only) (x32) VR-NetWorld (x32) WebReg (x32 Version: 100.0.170.000) WhiteCap (x32 Version: 5.7) Winamp (x32 Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live ID 
Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Windows Liven peruspaketti (x32 Version: 16.4.3505.0912) Windows Liven sähköposti (x32 Version: 16.4.3505.0912) Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0) Windows Media Encoder 9 Series (x32 Version: 9.00.2980) Windows Media Encoder 9 Series (x32) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Wizard101(DE) (HKCU) X10 Hardware(TM) (x32) XviD MPEG4 Video Codec (remove only) (x32) Zylom Games Player Plugin (x32) Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912) ==================== Restore Points ========================= 24-07-2013 12:56:30 Ende der Bereinigung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-23 23:46 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled 
Tasks (whitelisted) ============= Task: {025C7BE0-828A-4F15-A414-9E3E9AB7B1EA} - System32\Tasks\{019D58B1-A578-400D-B426-CC13D7AACCC0} => C:\Users\Rolf\Desktop\kaspersky 2013 v1.5.exe No File Task: {02DA0482-068E-4F85-B654-AE5299E5FFB3} - System32\Tasks\{3D724BC1-92BC-4C72-A3B3-C8963B6711B6} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {07740EDC-4571-4CA2-ADD9-BFD68A8BDDDF} - System32\Tasks\{0ED69297-7F8D-420E-87DA-A8B55DB3F9E8} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {0CA42A4E-E332-4172-ABD9-97FE281AE41E} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {0EF436C6-5FE3-4C04-BAD4-E1224521F8F7} - System32\Tasks\{103BC36F-E39D-436A-A96B-0ED237294517} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {1A6E699F-C784-4DB9-AE5D-E3CA438946AB} - System32\Tasks\{90277C71-A51A-4359-B20F-DDEA4C452C07} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {1B039CE7-EBEA-442E-8285-A317AAD4FCDE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {1B2D3140-1393-4461-951E-8201C64F1005} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {1E1C9306-C92C-4B89-9C34-861D56113141} - System32\Tasks\{932D83EC-3CC9-4FC0-8405-62BF2F0A1406} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File Task: {255CEB58-0B05-496D-A462-6517EC9E4CCA} - System32\Tasks\{9F6B39F3-C7D6-4EEE-8DED-54DC3839E685} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File Task: {26956EAA-F22B-43D1-BC3E-2A8ECD7ED558} - System32\Tasks\{4EC1C7A4-8B4B-46B2-8665-3B4183D76979} => C:\Program Files (x86)\Anno 
1701\Anno1701.exe No File Task: {2B180D9B-72AF-423B-83B5-FE49CBB85FBE} - System32\Tasks\{BA825787-C777-43EC-B407-71A2791FD93B} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {2C129A24-9CA2-46FD-A2C8-997FDFA9E29D} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File Task: {30F68281-62DF-4C74-819F-9FEDA30C035F} - System32\Tasks\{A6D3B4C2-A677-4C43-8128-81343F07C384} => C:\Users\Rolf\Desktop\kaspersky 2013 v1.5.exe No File Task: {32848A34-6DD6-44C2-879A-D743446D83B6} - System32\Tasks\{DCC500CA-27CB-4FE5-B6E3-260A771F78BB} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {339BAD03-E809-4A6C-8119-C49C6F19B8C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {36D9B279-EEAB-4FC9-835E-5223163EA37A} - System32\Tasks\{6971E8A6-8D79-40A8-8B40-D5F92BF8BA4B} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {3A4C7FFA-4163-4307-84D4-506D819EAB1B} - System32\Tasks\{299703E3-2B94-4683-87E8-40E546E79CDD} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {3D1935E0-99A5-4807-8542-F10D8B946670} - System32\Tasks\{2A4B57EB-DB05-4229-B619-B1DBEF683BDD} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File Task: {3F2831B3-6BBC-4E3E-8865-7E1AEC03A10D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23] (Google Inc.) 
Task: {41F26DA5-B69D-442A-BFCB-F0755A2149A0} - System32\Tasks\{25A4898A-5819-4AA4-BC73-B4CB401DDC97} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {43456866-37E6-430A-8920-E86D686D0CBE} - System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} => C:\Program Files (x86)\Zylom Games\Chocolatier Deluxe\chocolatier.exe No File Task: {44745CA2-38B7-46E6-A157-8D60C5592D52} - System32\Tasks\{BA4B9075-C0E7-4315-A5F1-6E0DAA4437EB} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {59D10E3F-614E-4716-A038-BA9F4D3ABC93} - System32\Tasks\{9040B1C9-7DBE-4A8D-BDA2-A8A13DD70868} => C:\Program Files (x86)\Der Planer 4\Planer4.exe [2010-04-10] () Task: {5A4BD5E8-36F2-4642-962C-4241225D2562} - System32\Tasks\{38F5C1D0-6B37-425A-A062-99EBDB339F7B} => C:\Users\Rolf\Desktop\kaspersky 2013 v1.5.exe No File Task: {5AD05DC8-BA66-4C2D-BC7A-636CE7084BA7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {5D51769E-3A08-48D3-9675-BB86A1D751FE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software) Task: {5E3C5AF2-D58A-4BBD-85E1-DE1992F99F2C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {601115A6-190F-4DDB-A828-0080D2018DDB} - System32\Tasks\{77EE50E3-1C9A-439D-861F-43646AD66AC7} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {61167AE7-1DC9-43D7-A346-032954DBD6C0} - System32\Tasks\{AEE76F17-A316-4153-95E1-75E307A477C2} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {67650383-D826-484A-9F83-9F77B9AAE83D} - System32\Tasks\{50CC8298-29F1-4249-B98A-A8E79F619013} => C:\Users\Rolf\Desktop\StarCraft_2_EU_de-DE.exe No File Task: {69BE02BE-920B-4B01-A4EE-16979EE094C8} - System32\Tasks\{06B7682F-68DE-4311-AE8C-3E50085DAD4F} => C:\Program 
Files\gPotato.eu\Rappelz\unins000.exe No File Task: {6D43813D-CA2A-42F0-8349-9124D8336A2A} - System32\Tasks\{59E6FB02-9035-4592-B5C9-2550563E6B17} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {6D9E20E4-BFC4-4B29-B83E-301F1334F334} - System32\Tasks\{AF91347D-9BA8-4319-B6C0-A61AABB5B00B} => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.) Task: {71AAD05B-BD86-41D6-A400-F67560EBEF39} - System32\Tasks\{5F051E24-69DD-4286-A3C1-971FD469C0D4} => C:\Program Files (x86)\FreeGamesArea\Monopoly Deluxe\monopoly-deluxe.exe No File Task: {71F576C1-6E3B-4399-AC9D-1B2F00A972A9} - System32\Tasks\{CE698B20-CCF9-47A0-A14F-58E2C9E7B825} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {7A6EA98F-53F4-4D42-BB48-44529D6362A1} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {7C79C571-6885-41D7-A099-3BF0CBAFB05C} - System32\Tasks\{43374E23-E2E8-4BBB-86FA-EF804079086D} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {7E831404-C053-49F1-9BAC-66C9AA96706B} - System32\Tasks\{7E669D40-C3DE-4255-B8A6-8B4ECD438CE6} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {7FA019AF-CBFC-4795-A903-E8F940370F07} - System32\Tasks\{0B127B73-B75F-471D-8D38-8D86C4EF25C4} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {84848483-5A0B-486C-AD28-E21381B7047E} - System32\Tasks\{0E0A534E-3490-4629-8DAF-B00C53D88B38} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {8624027B-D9A7-40CF-8279-98BEF5B5038C} - System32\Tasks\{49961235-AB9F-459D-869D-053562B45939} => C:\Program Files\gPotato.eu\Rappelz\unins000.exe No File Task: {94F78F13-D411-4F37-8C2A-4C0E0A8E230A} - System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00} => C:\Windows\system32\msfeedssync.exe [2013-04-13] (Microsoft Corporation) Task: {A1D6733A-78DF-457E-91A2-EBD166F4F47D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software 
Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A24F704A-3AB2-44D3-8EFF-7BFD8A38AC51} - System32\Tasks\{CF7E47E4-318F-4815-A408-36F202B63984} => C:\Users\Rolf\Desktop\StarCraft_2_EU_de-DE.exe No File Task: {A389AD47-9C81-4C10-BCB7-73E08EF98CD4} - System32\Tasks\{39129BCD-4F26-4841-BD54-46221B962376} => C:\Program Files (x86)\Winamp\winamp.exe [2012-06-28] (Nullsoft, Inc.) Task: {A6761522-46FF-4C76-9C73-BC7BC68FA12A} - System32\Tasks\{91657AA8-DFAB-4CF5-99E6-FBDF66218F24} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.) Task: {B13D2428-9F5E-40AA-A589-7F9C9E6E3DA9} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG) Task: {B933665B-51E0-47AE-B3F7-850360328AB5} - System32\Tasks\{A1EBCEF7-D012-4B00-B942-BDC2887ECD9A} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {C6FFE842-9F53-4362-9E29-C1C311E3A3AC} - System32\Tasks\{76324A2B-5FE0-4F93-818C-4EC41F92A1CD} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {C84E7010-4650-478B-9EB3-B970A0171AE1} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {C9109639-B843-4A65-8CFA-7C3E609FC2D2} - System32\Tasks\AdobeAAMUpdater-1.0-RolfLaptop-Rolf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {D79C1612-88B5-4945-AC3C-33AB6A6AE9B1} - System32\Tasks\{739BDCE6-AD95-498A-8B05-4EC9DFF2D499} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File Task: {D98B09B0-611A-4665-801B-FE6C84AE6BBC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {D9D78400-BA53-4266-BF93-16F8A5876251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2011-01-23] (Google Inc.) Task: {DA708E7F-3907-4E32-B168-7240A367A2F0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe No File Task: {E2B780FE-6221-47DD-B26D-31EA93A5E3D9} - System32\Tasks\{748CF9BB-4D5B-4C1F-BBB1-1A5F89EEF606} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File Task: {EBC98594-8C85-4AAC-9F6E-E4FA305EA3AA} - System32\Tasks\{E71E05E6-0EB9-4A91-9FED-C677F4DEB6BE} => C:\Program Files\gPotato.eu\FlyFF\Flyff.exe No File Task: {F0635186-F4FE-45A6-86DB-2C7CF400AF2B} - System32\Tasks\{4FB514FF-057E-4016-AD3A-398007EF41FA} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {F2F12700-FB10-4156-A0F2-8A50D50EC1EA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {F35B5A61-C74D-43AD-9F54-ED8D33A84FBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated) Task: {F5658438-1A8F-4FC2-925F-5B01649CA852} - System32\Tasks\{54687B93-FDAF-486F-8905-D0282F757CB8} => C:\Program Files (x86)\EA Games\OfficialCnCTiberianSun\EA Games\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe No File Task: {F7A87CEC-F3B6-41C3-A707-814A9079A13E} - System32\Tasks\{F9916BE5-3E0A-4C49-A4D5-B497A59586C6} => C:\Program Files (x86)\Anno 1701\Anno1701.exe No File Task: {FC0E827C-A43D-459E-A65D-6E565DD05419} - System32\Tasks\{DFE7FBAF-3514-40A2-A362-5968298FCAD3} => C:\Program Files (x86)\FreeGamesArea\Monopoly Deluxe\monopoly-deluxe.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Anwenderinfrarotgeräte Description: Anwenderinfrarotgeräte Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: circlass Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/27/2013 07:04:28 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/27/2013 06:16:27 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm tv_w32.exe wurde wegen dieses Fehlers geschlossen. Programm: tv_w32.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000098 Datenträgertyp: 0 Error: (07/27/2013 06:16:27 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: tv_w32.exe, Version: 0.0.0.0, Zeitstempel: 0x51da9b6b Name des fehlerhaften Moduls: tv_w32.dll, Version: 0.0.0.0, Zeitstempel: 0x51da9b67 Ausnahmecode: 0xc0000006 Fehleroffset: 0x00008e20 ID des fehlerhaften Prozesses: 0x10290 Startzeit der fehlerhaften Anwendung: 0xtv_w32.exe0 Pfad der fehlerhaften Anwendung: tv_w32.exe1 Pfad des fehlerhaften Moduls: tv_w32.exe2 Berichtskennung: tv_w32.exe3 Error: (07/27/2013 05:10:04 PM) (Source: MsiInstaller) (User: RolfLaptop) Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList". Error: (07/27/2013 05:07:49 PM) (Source: MsiInstaller) (User: RolfLaptop) Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList". Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15631 Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15631 Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (07/27/2013 07:06:52 PM) (Source: DCOM) (User: ) Description: 1084SkypeUpdate/ComService{CC957078-B838-47C4-A7CF-626E7A82FC58} Error: (07/27/2013 07:04:40 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/27/2013 07:04:40 PM) (Source: DCOM) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (07/27/2013 07:04:40 PM) (Source: DCOM) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (07/27/2013 07:04:28 PM) (Source: DCOM) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (07/27/2013 07:04:21 PM) (Source: DCOM) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (07/27/2013 07:03:52 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: discache KLIF kneps spldr Wanarpv6 Error: (07/27/2013 07:03:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error: (07/27/2013 07:03:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error: (07/27/2013 07:03:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/27/2013 07:04:28 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (07/27/2013 06:16:27 PM) (Source: Application Error)(User: ) Description: tv_w32.exeC00000980 Error: (07/27/2013 06:16:27 PM) (Source: Application Error)(User: ) Description: tv_w32.exe0.0.0.051da9b6btv_w32.dll0.0.0.051da9b67c000000600008e201029001ce8ada1f8c121cH:\tv_w32.exeH:\tv_w32.dlle356a408-f6d7-11e2-bd43-00262dc36228 Error: (07/27/2013 05:10:04 PM) (Source: MsiInstaller)(User: RolfLaptop) Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL) Error: (07/27/2013 05:07:49 PM) (Source: MsiInstaller)(User: RolfLaptop) Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL) Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15631 Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15631 Error: (07/27/2013 03:43:44 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling 
Error: Continuously busy for more than a second Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/26/2013 08:09:46 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors: =================================== Date: 2013-07-23 23:38:37.760 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-23 23:38:37.604 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-22 06:50:59.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-22 06:50:59.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-22 06:50:59.557 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-22 05:41:55.800 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-22 05:41:55.800 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-22 05:41:55.800 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-20 17:39:28.067 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-20 17:39:28.065 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 3893.49 MB Available physical RAM: 2631.32 MB Total Pagefile: 7785.16 MB Available Pagefile: 6539.51 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:546.25 GB) (Free:274.3 GB) NTFS (Disk=0 Partition=2) Drive d: (Recover) (Fixed) (Total:48.83 GB) (Free:7.32 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1023 MB) - (Type=12) ==================== End Of Log ============================ |
28.07.2013, 07:18 | #5 |
/// the machine /// TB instructor | backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can only be started in safe mode Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ZeroAccess:
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000004.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000008.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\000000cb.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000000.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000032.@
C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Start normally.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.07.2013, 07:41 | #6 |
| backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can only be started in safe mode So now I have a problem: it no longer starts Windows in safe mode -.-* but keeps running chdsk or chkdk over and over -.-* and tries to repair the system without being able to start safe mode. What should I do, and how do I prevent the chdsk? |
28.07.2013, 07:43 | #7 |
/// the machine /// TB instructor | backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can only be started in safe mode Hi, scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
28.07.2013, 12:07 | #8 |
| backdoor.WIN32.ZAccess.mbs was found, system failure as a result, Windows can only be started in safe mode Here is the FRST log, taken via USB stick. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04 Ran by SYSTEM on 28-07-2013 09:02:08 Running from I:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup [x] HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-19] (Adobe Systems Incorporated) HKLM-x32\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) 
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-28] (CyberLink) HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] () HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-24] (Adobe Systems Incorporated) HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] () HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] () HKU\Rolf\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.) HKU\Rolf\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] () HKU\Rolf\...\Run: [Akamai NetSession Interface] - C:\Users\Rolf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.) HKU\Rolf\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) 
HKU\Rolf\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-01-02] (coolspot AG, Düsseldorf) HKU\Rolf\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) BootExecute: autocheck autochk /r \??\C:autocheck autochk /p \??\G:autocheck autochk * ==================== Services (Whitelisted) ================= S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-14] (Adobe Systems Incorporated) S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-27] () S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH) S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-27] () S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.) 
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-02] (TuneUp Software) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software) S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) S2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10) ==================== Drivers (Whitelisted) ==================== S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) 
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO) S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab) S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH) S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software) S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-27 16:38 - 2013-07-27 16:39 - 07876512 ____C (Adobe Systems Inc.) 
C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe 2013-07-27 15:55 - 2013-07-27 17:52 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-27 15:48 - 2013-07-27 15:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe 2013-07-27 15:41 - 2013-07-27 15:54 - 00000000 ___DC C:\ProgramData\ParetoLogic 2013-07-27 15:41 - 2013-07-27 15:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure 2013-07-27 15:39 - 2013-07-27 15:40 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe 2013-07-27 15:39 - 2013-07-27 15:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg 2013-07-27 15:29 - 2013-07-27 15:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-07-27 15:26 - 2013-07-27 15:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip 2013-07-27 15:24 - 2013-07-27 15:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe 2013-07-27 10:49 - 2013-07-27 13:51 - 00000000 ___DC C:\ProgramData\HitmanPro 2013-07-27 10:49 - 2013-07-27 10:49 - 00000000 ___DC C:\Program Files\HitmanPro 2013-07-27 09:23 - 2013-07-27 09:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt 2013-07-27 09:17 - 2013-07-27 09:17 - 00000000 ___DC C:\FRST 2013-07-27 07:43 - 2013-07-27 07:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent 2013-07-27 07:41 - 2013-07-27 07:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent 2013-07-27 07:00 - 2013-07-27 13:51 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft 2013-07-27 07:00 - 2013-07-27 13:51 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder 2013-07-24 13:52 - 2013-07-24 13:53 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip 2013-07-24 13:52 - 2013-07-24 13:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip 2013-07-24 08:40 - 2013-07-27 
13:51 - 00000000 ___DC C:\Program Files (x86)\AC3 Player 2013-07-24 08:40 - 2013-07-24 08:40 - 00000000 ____C C:\END 2013-07-24 07:12 - 2013-07-24 07:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip 2013-07-24 07:11 - 2013-07-24 07:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip 2013-07-24 07:03 - 2013-07-24 07:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip 2013-07-24 07:02 - 2013-07-24 07:03 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar 2013-07-24 06:58 - 2013-07-24 06:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip 2013-07-24 04:56 - 2013-07-24 04:56 - 00001157 ____C C:\DelFix.txt 2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ___DC C:\Windows\ERUNT 2013-07-24 04:49 - 2013-07-24 04:49 - 00706916 ____C C:\Users\Rolf\Desktop\delfix.exe 2013-07-24 04:41 - 2013-07-24 04:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe 2013-07-24 04:08 - 2013-07-24 04:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip 2013-07-23 18:21 - 2013-07-23 18:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk 2013-07-23 13:13 - 2013-07-24 04:54 - 00000000 ___DC C:\Windows\erdnt 2013-07-23 12:52 - 2013-07-23 12:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm 2013-07-23 12:52 - 2013-07-23 12:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files 2013-07-23 09:30 - 2013-07-23 09:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics 2013-07-23 09:18 - 2013-07-23 09:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations 2013-07-23 09:17 - 2013-07-23 09:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner 2013-07-23 09:14 - 2013-07-23 09:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe 2013-07-23 09:14 - 2013-07-23 09:14 
- 00014456 ____C (GFI Software) C:\Windows\System32\Drivers\gfibto.sys 2013-07-23 07:47 - 2013-07-23 07:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4 2013-07-23 07:46 - 2013-07-23 07:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4 2013-07-23 06:36 - 2013-07-23 06:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe 2013-07-22 04:52 - 2013-07-22 04:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games 2013-07-21 02:21 - 2013-07-21 02:26 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4 2013-07-20 10:13 - 2013-07-20 10:18 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy 2013-07-20 10:13 - 2013-07-20 10:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-07-20 08:16 - 2013-07-20 08:34 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar 2013-07-20 07:49 - 2013-07-20 07:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-07-20 07:49 - 2013-07-20 07:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip 2013-07-20 07:43 - 2013-07-20 07:48 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip 2013-07-20 07:24 - 2013-07-20 07:25 - 36271144 ____C (Safer-Networking Ltd. 
) C:\Users\Rolf\Downloads\spybot-2.1.exe 2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\StarApp 2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\InstallMate 2013-07-20 05:33 - 2013-07-27 15:27 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-20 05:33 - 2013-04-04 04:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-20 05:23 - 2013-07-20 05:23 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-19 16:51 - 2013-07-19 16:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4 2013-07-19 16:45 - 2013-07-19 16:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4 2013-07-19 16:41 - 2013-07-19 16:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4 2013-07-19 13:19 - 2013-07-19 13:19 - 01492584 ____C (Skype Technologies S.A.) C:\Users\Rolf\Downloads\SkypeSetup.exe 2013-07-19 12:34 - 2013-07-19 12:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe 2013-07-19 09:04 - 2013-07-19 09:05 - 00000000 ___DC C:\Users\Rolf\Downloads\93655 2013-07-19 08:48 - 2013-07-19 08:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx 2013-07-19 08:46 - 2013-07-19 08:47 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4 2013-07-19 08:17 - 2013-07-19 08:57 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar 2013-07-19 02:44 - 2013-07-19 02:51 - 00000000 ___DC C:\Windows\System32\MRT 2013-07-18 12:40 - 2013-07-18 12:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx 2013-07-17 17:02 - 2013-07-17 17:01 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe 2013-07-17 16:48 - 2013-07-17 16:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity 2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ___DC C:\Program Files 
(x86)\AntiTwin 2013-07-17 16:07 - 2013-07-17 16:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe 2013-07-17 16:07 - 2013-07-17 16:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity 2013-07-17 05:50 - 2013-07-17 05:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe 2013-07-16 10:18 - 2013-07-16 10:19 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe 2013-07-16 08:04 - 2013-07-16 08:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt 2013-07-16 07:48 - 2013-07-16 07:49 - 00000098 ____C C:\Windows\DeleteOnReboot.bat 2013-07-16 06:03 - 2013-07-16 06:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx 2013-07-16 04:14 - 2013-07-16 04:15 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder 2013-07-15 02:56 - 2013-07-15 02:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip 2013-07-14 12:35 - 2013-07-14 12:40 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip 2013-07-14 12:35 - 2013-07-14 12:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe 2013-07-14 10:10 - 2013-07-14 10:13 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar 2013-07-14 09:47 - 2013-07-14 09:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar 2013-07-14 09:45 - 2013-07-14 09:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip 2013-07-14 07:24 - 2013-07-14 07:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe 2013-07-13 05:12 - 2013-07-27 13:51 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft 2013-07-12 17:17 - 2013-07-12 17:17 - 00000000 ___DC C:\My Games 2013-07-12 17:14 - 2013-07-12 17:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} 2013-07-12 14:04 - 2013-07-12 14:04 - 00000000 ___DC C:\ProgramData\Sandlot Games 2013-07-12 14:01 - 2013-07-12 14:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2 
2013-07-12 13:58 - 2013-07-12 13:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish 2013-07-12 13:57 - 2013-07-12 13:57 - 00000000 ___DC C:\Boonty 2013-07-12 08:58 - 2013-07-12 08:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk 2013-07-10 14:49 - 2013-07-10 14:50 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 14:49 - 2013-07-10 14:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-10 14:49 - 2013-07-10 14:50 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 
2013-07-10 14:49 - 2013-07-10 14:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-10 14:49 - 2013-07-10 14:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 14:49 - 2013-07-10 14:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-10 14:49 - 2013-07-10 14:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 14:49 - 2013-07-10 14:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 14:23 - 2013-07-10 14:50 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-10 14:23 - 2013-07-10 14:50 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 14:23 - 2013-07-10 14:50 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-10 14:23 - 
2013-07-10 14:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 14:23 - 2013-07-10 14:38 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-10 14:22 - 2013-07-10 14:31 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-10 14:22 - 2013-07-10 14:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 07:58 - 2013-07-10 07:59 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt 2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage 2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_ 2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage 2013-07-10 05:53 - 2013-07-10 05:53 - 00000000 ___DC C:\Program Files\FileViewPro 2013-07-10 04:41 - 2013-07-10 14:31 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor 2013-07-10 04:40 - 2013-07-10 04:39 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft 2013-07-09 14:27 - 2013-07-09 14:27 - 01211048 ____C (DVDVideoSoft Ltd. 
) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects 2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group 2013-07-08 11:42 - 2013-07-08 11:43 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool 2013-07-08 11:41 - 2013-07-08 11:42 - 00000000 ___DC C:\Program Files (x86)\JCrypTool 2013-07-08 11:40 - 2013-07-08 11:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2 2013-07-08 11:39 - 2013-07-08 11:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2 2013-07-05 02:32 - 2013-07-05 02:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex 2013-07-05 02:27 - 2013-07-05 02:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt 2013-07-04 10:44 - 2013-07-06 05:41 - 00000049 ____C C:\Windows\NeroDigital.ini 2013-07-03 08:25 - 2013-07-03 08:27 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA 2013-07-02 03:32 - 2013-07-02 03:32 - 00739856 ____C (Google Inc.) 
C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe 2013-07-02 03:31 - 2013-07-02 03:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html 2013-06-30 03:11 - 2013-07-06 05:37 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u 2013-06-30 02:10 - 2013-06-30 02:15 - 00000000 ___DC C:\ProgramData\BlueStacksSetup 2013-06-28 14:31 - 2013-07-16 06:51 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini 2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\XviD 2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5 2013-06-28 14:25 - 2013-06-28 14:25 - 00000000 ___DC C:\Program Files (x86)\Gabest 2013-06-28 14:23 - 2013-06-28 14:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ==================== One Month Modified Files and Folders ======= 2013-07-27 21:03 - 2013-06-10 03:43 - 00327680 ____C C:\Windows\System32\Ikeext.etl 2013-07-27 21:03 - 2011-11-04 10:56 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Skype 2013-07-27 18:26 - 2011-01-23 05:15 - 01497146 ____C C:\Windows\WindowsUpdate.log 2013-07-27 17:52 - 2013-07-27 15:55 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-27 16:39 - 2013-07-27 16:38 - 07876512 ____C (Adobe Systems Inc.) 
C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe 2013-07-27 16:39 - 2011-09-10 04:06 - 00000000 ___DC C:\Windows\SysWOW64\Adobe 2013-07-27 15:54 - 2013-07-27 15:41 - 00000000 ___DC C:\ProgramData\ParetoLogic 2013-07-27 15:48 - 2013-07-27 15:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe 2013-07-27 15:41 - 2013-07-27 15:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure 2013-07-27 15:40 - 2013-07-27 15:39 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe 2013-07-27 15:39 - 2013-07-27 15:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg 2013-07-27 15:29 - 2013-07-27 15:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-07-27 15:27 - 2013-07-20 05:33 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-27 15:26 - 2013-07-27 15:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip 2013-07-27 15:24 - 2013-07-27 15:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe 2013-07-27 14:36 - 2011-11-05 10:53 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PMB Files 2013-07-27 14:02 - 2012-07-05 13:22 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Dropbox 2013-07-27 13:57 - 2012-07-22 06:21 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2013-07-27 13:55 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\tracing 2013-07-27 13:52 - 2012-04-13 06:39 - 00060926 ____C C:\Windows\setupact.log 2013-07-27 13:52 - 2011-01-23 05:21 - 00000000 ___DC C:\users\Rolf 2013-07-27 13:52 - 2009-07-13 21:32 - 00000000 ___DC C:\Program Files\Windows Defender 2013-07-27 13:52 - 2009-07-13 21:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2013-07-27 13:51 - 2013-07-27 10:49 - 00000000 ___DC C:\ProgramData\HitmanPro 2013-07-27 13:51 - 2013-07-27 07:00 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft 2013-07-27 13:51 - 2013-07-27 07:00 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder 2013-07-27 13:51 - 
2013-07-24 08:40 - 00000000 ___DC C:\Program Files (x86)\AC3 Player 2013-07-27 13:51 - 2013-07-13 05:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft 2013-07-27 13:51 - 2013-03-24 04:12 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\vlc 2013-07-27 13:51 - 2013-03-20 13:42 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\BitTorrent 2013-07-27 13:51 - 2013-03-18 12:28 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PowerMp3WmaConverter 2013-07-27 13:51 - 2013-02-28 16:14 - 00000000 ___DC C:\Program Files\DivX 2013-07-27 13:51 - 2013-02-28 16:11 - 00000000 ___DC C:\Program Files (x86)\DivX 2013-07-27 13:51 - 2013-02-28 16:10 - 00000000 ___DC C:\ProgramData\DivX 2013-07-27 13:51 - 2012-12-12 10:13 - 00000000 __RDC C:\Program Files (x86)\Skype 2013-07-27 13:51 - 2012-11-09 07:09 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-27 13:51 - 2011-11-10 02:25 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Akamai 2013-07-27 13:51 - 2010-11-02 01:41 - 00000000 ___DC C:\Windows\SysWOW64\Macromed 2013-07-27 13:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\AppCompat 2013-07-27 13:50 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\registration 2013-07-27 13:44 - 2012-03-05 11:07 - 00000000 __RDC C:\Users\Rolf\Desktop\Dj Musik 2013-07-27 13:44 - 2011-11-04 10:55 - 00000000 ___DC C:\ProgramData\Skype 2013-07-27 13:44 - 2011-01-23 08:34 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Adobe 2013-07-27 10:49 - 2013-07-27 10:49 - 00000000 ___DC C:\Program Files\HitmanPro 2013-07-27 09:23 - 2013-07-27 09:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt 2013-07-27 09:17 - 2013-07-27 09:17 - 00000000 ___DC C:\FRST 2013-07-27 08:16 - 2012-07-02 09:38 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrashDumps 2013-07-27 07:43 - 2013-07-27 07:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent 2013-07-27 07:41 - 2013-07-27 07:41 - 00002182 ____C 
C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent 2013-07-26 15:46 - 2013-03-16 09:34 - 00000000 ___DC C:\ProgramData\firebird 2013-07-25 06:07 - 2009-07-13 20:45 - 00009888 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-25 06:07 - 2009-07-13 20:45 - 00009888 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-24 13:53 - 2013-07-24 13:52 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip 2013-07-24 13:52 - 2013-07-24 13:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip 2013-07-24 08:40 - 2013-07-24 08:40 - 00000000 ____C C:\END 2013-07-24 07:12 - 2013-07-24 07:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip 2013-07-24 07:11 - 2013-07-24 07:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip 2013-07-24 07:03 - 2013-07-24 07:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip 2013-07-24 07:03 - 2013-07-24 07:02 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar 2013-07-24 06:58 - 2013-07-24 06:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip 2013-07-24 04:56 - 2013-07-24 04:56 - 00001157 ____C C:\DelFix.txt 2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ___DC C:\Windows\ERUNT 2013-07-24 04:54 - 2013-07-23 13:13 - 00000000 ___DC C:\Windows\erdnt 2013-07-24 04:49 - 2013-07-24 04:49 - 00706916 ____C C:\Users\Rolf\Desktop\delfix.exe 2013-07-24 04:43 - 2011-01-27 00:56 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2013-07-24 04:41 - 2013-07-24 04:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe 2013-07-24 04:30 - 2010-10-13 02:37 - 00000000 ___DC C:\Program Files\Java 2013-07-24 04:13 - 2012-04-08 02:37 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-24 04:08 - 2013-07-24 04:08 - 12931078 ____C 
C:\Users\Rolf\Downloads\SCFanpackage.zip 2013-07-23 18:21 - 2013-07-23 18:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk 2013-07-23 14:08 - 2012-07-06 05:53 - 00000000 __RDC C:\Users\Rolf\Dropbox 2013-07-23 14:02 - 2009-07-13 19:20 - 00000000 _RHDC C:\users\Default 2013-07-23 13:46 - 2009-07-13 18:34 - 00000215 ____C C:\Windows\system.ini 2013-07-23 12:52 - 2013-07-23 12:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm 2013-07-23 12:52 - 2013-07-23 12:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files 2013-07-23 12:44 - 2013-06-26 07:09 - 00000000 ___DC C:\Program Files (x86)\Plus-HD-1.6 2013-07-23 09:30 - 2013-07-23 09:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics 2013-07-23 09:18 - 2013-07-23 09:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations 2013-07-23 09:17 - 2013-07-23 09:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner 2013-07-23 09:14 - 2013-07-23 09:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe 2013-07-23 09:14 - 2013-07-23 09:14 - 00014456 ____C (GFI Software) C:\Windows\System32\Drivers\gfibto.sys 2013-07-23 09:14 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\NDF 2013-07-23 07:53 - 2013-04-28 04:43 - 00000000 ___DC C:\Users\Rolf\Desktop\sound fx daten 2013-07-23 07:53 - 2011-01-23 05:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AF23A97-653E-4B26-A3DD-52F6F8B9DA00} 2013-07-23 07:51 - 2010-05-12 00:18 - 04650530 ____C C:\Windows\System32\perfh007.dat 2013-07-23 07:51 - 2010-05-12 00:18 - 01414070 ____C C:\Windows\System32\perfc007.dat 2013-07-23 07:51 - 2009-07-13 21:13 - 00006508 ____C C:\Windows\System32\PerfStringBackup.INI 2013-07-23 07:47 - 2013-07-23 07:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4 2013-07-23 07:46 - 2013-07-23 07:46 - 06018938 
____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4 2013-07-23 06:36 - 2013-07-23 06:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe 2013-07-22 04:52 - 2013-07-22 04:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games 2013-07-21 02:26 - 2013-07-21 02:21 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4 2013-07-20 10:18 - 2013-07-20 10:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy 2013-07-20 10:13 - 2013-07-20 10:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-07-20 09:51 - 2011-10-25 09:43 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\WinRAR 2013-07-20 08:34 - 2013-07-20 08:16 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar 2013-07-20 07:49 - 2013-07-20 07:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-07-20 07:49 - 2013-07-20 07:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip 2013-07-20 07:48 - 2013-07-20 07:43 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip 2013-07-20 07:25 - 2013-07-20 07:24 - 36271144 ____C (Safer-Networking Ltd. ) C:\Users\Rolf\Downloads\spybot-2.1.exe 2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\StarApp 2013-07-20 06:00 - 2013-07-20 06:00 - 00000000 ___DC C:\ProgramData\InstallMate 2013-07-20 05:23 - 2013-07-20 05:23 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-19 16:51 - 2013-07-19 16:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4 2013-07-19 16:45 - 2013-07-19 16:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4 2013-07-19 16:41 - 2013-07-19 16:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4 2013-07-19 13:19 - 2013-07-19 13:19 - 01492584 ____C (Skype Technologies S.A.) 
C:\Users\Rolf\Downloads\SkypeSetup.exe 2013-07-19 12:34 - 2013-07-19 12:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe 2013-07-19 09:05 - 2013-07-19 09:04 - 00000000 ___DC C:\Users\Rolf\Downloads\93655 2013-07-19 08:57 - 2013-07-19 08:17 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar 2013-07-19 08:48 - 2013-07-19 08:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx 2013-07-19 08:47 - 2013-07-19 08:46 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4 2013-07-19 02:51 - 2013-07-19 02:44 - 00000000 ___DC C:\Windows\System32\MRT 2013-07-18 12:40 - 2013-07-18 12:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx 2013-07-17 17:01 - 2013-07-17 17:02 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe 2013-07-17 16:59 - 2013-04-28 04:43 - 00000000 ___DC C:\Users\Rolf\Desktop\tevion usb stick daten 2013-07-17 16:48 - 2013-07-17 16:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity 2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin 2013-07-17 16:07 - 2013-07-17 16:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe 2013-07-17 16:07 - 2013-07-17 16:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity 2013-07-17 05:50 - 2013-07-17 05:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe 2013-07-16 10:19 - 2013-07-16 10:18 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe 2013-07-16 08:04 - 2013-07-16 08:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt 2013-07-16 07:49 - 2013-07-16 07:48 - 00000098 ____C C:\Windows\DeleteOnReboot.bat 2013-07-16 06:51 - 2013-06-28 14:31 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini 2013-07-16 06:03 - 2013-07-16 06:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx 2013-07-16 05:51 - 2011-01-23 05:21 - 00000000 ___DC 
C:\Users\Rolf\AppData\Local\VirtualStore 2013-07-16 04:15 - 2013-07-16 04:14 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder 2013-07-15 02:56 - 2013-07-15 02:56 - 00035058 ____C C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip 2013-07-14 12:40 - 2013-07-14 12:35 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip 2013-07-14 12:35 - 2013-07-14 12:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe 2013-07-14 10:13 - 2013-07-14 10:10 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar 2013-07-14 09:47 - 2013-07-14 09:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar 2013-07-14 09:45 - 2013-07-14 09:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip 2013-07-14 09:01 - 2011-12-01 03:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\ObviousIdea 2013-07-14 07:24 - 2013-07-14 07:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe 2013-07-14 05:31 - 2012-04-08 02:37 - 00692104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-14 05:31 - 2012-04-08 02:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-14 05:31 - 2011-07-28 06:06 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-14 04:48 - 2011-01-23 05:18 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-14 04:48 - 2011-01-23 05:18 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-12 23:57 - 2011-01-23 05:18 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-12 23:57 - 2011-01-23 05:18 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 17:18 - 2011-10-29 13:19 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\PlayFirst 2013-07-12 17:18 - 2011-10-29 13:19 - 00000000 ___DC C:\ProgramData\PlayFirst 2013-07-12 17:17 - 2013-07-12 17:17 - 00000000 ___DC C:\My Games 2013-07-12 17:16 - 2011-09-15 
02:22 - 00000000 ___DC C:\Program Files (x86)\Zylom Games 2013-07-12 17:14 - 2013-07-12 17:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} 2013-07-12 14:04 - 2013-07-12 14:04 - 00000000 ___DC C:\ProgramData\Sandlot Games 2013-07-12 14:01 - 2013-07-12 14:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2 2013-07-12 13:58 - 2013-07-12 13:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish 2013-07-12 13:57 - 2013-07-12 13:57 - 00000000 ___DC C:\Boonty 2013-07-12 08:58 - 2013-07-12 08:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk 2013-07-11 13:57 - 2012-01-02 11:17 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Utherverse 2013-07-10 17:20 - 2009-07-13 20:45 - 08769616 ____C C:\Windows\System32\FNTCACHE.DAT 2013-07-10 17:17 - 2013-03-13 10:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight 2013-07-10 17:17 - 2013-03-13 10:55 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 17:16 - 2009-07-13 23:45 - 00000000 ___DC C:\Program Files\Windows Journal 2013-07-10 17:16 - 2009-07-13 21:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender 2013-07-10 14:57 - 2009-07-13 18:34 - 00000534 ____C C:\Windows\win.ini 2013-07-10 14:50 - 2013-07-10 14:49 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 14:50 
- 2013-07-10 14:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-10 14:50 - 2013-07-10 14:49 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-10 14:50 - 2013-07-10 14:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 14:50 - 2013-07-10 14:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 
00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-10 14:50 - 2013-07-10 14:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 14:50 - 2013-07-10 14:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 14:50 - 2013-07-10 14:23 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-10 14:50 - 2013-07-10 14:23 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 14:50 - 2013-07-10 14:23 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-10 14:50 - 2013-07-10 14:23 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 14:38 - 2013-07-10 14:23 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-10 14:31 - 2013-07-10 14:22 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-10 14:31 - 2013-07-10 14:22 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 14:31 - 2013-07-10 04:41 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor 2013-07-10 07:59 - 2013-07-10 07:58 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt 2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage 2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_ 2013-07-10 05:54 - 2013-07-10 05:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage 2013-07-10 05:53 - 2013-07-10 05:53 - 00000000 ___DC C:\Program Files\FileViewPro 2013-07-10 04:39 - 2013-07-10 04:40 - 14178136 ____C 
C:\Users\Rolf\Downloads\install_audiokonvertor.exe 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft 2013-07-09 14:38 - 2011-10-09 06:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DVDVideoSoft 2013-07-09 14:27 - 2013-07-09 14:27 - 01211048 ____C (DVDVideoSoft Ltd. ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects 2013-07-08 11:44 - 2013-07-08 11:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group 2013-07-08 11:43 - 2013-07-08 11:42 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool 2013-07-08 11:42 - 2013-07-08 11:41 - 00000000 ___DC C:\Program Files (x86)\JCrypTool 2013-07-08 11:40 - 2013-07-08 11:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2 2013-07-08 11:39 - 2013-07-08 11:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2 2013-07-06 05:41 - 2013-07-04 10:44 - 00000049 ____C C:\Windows\NeroDigital.ini 2013-07-06 05:37 - 2013-06-30 03:11 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u 2013-07-05 02:32 - 2013-07-05 02:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex 2013-07-05 02:27 - 2013-07-05 02:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt 2013-07-03 08:27 - 2013-07-03 08:25 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA 2013-07-02 03:33 - 2011-01-23 05:23 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Google 2013-07-02 03:32 - 2013-07-02 03:32 - 00739856 ____C (Google Inc.) 
C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe 2013-07-02 03:31 - 2013-07-02 03:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html 2013-07-01 15:07 - 2013-06-25 16:02 - 00000000 _SHDC C:\Windows\SysWOW64\AI_RecycleBin 2013-07-01 15:06 - 2011-10-12 15:25 - 00000000 ___DC C:\AeriaGames 2013-07-01 14:46 - 2009-07-13 19:20 - 00000000 _RHDC C:\Users\Public\Libraries 2013-06-30 02:15 - 2013-06-30 02:10 - 00000000 ___DC C:\ProgramData\BlueStacksSetup 2013-06-29 09:46 - 2013-03-25 08:31 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\dvdcss 2013-06-29 01:36 - 2012-10-22 13:07 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\TS3Client 2013-06-28 16:26 - 2012-07-01 07:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler 2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\XviD 2013-06-28 14:27 - 2013-06-28 14:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5 2013-06-28 14:25 - 2013-06-28 14:25 - 00000000 ___DC C:\Program Files (x86)\Gabest 2013-06-28 14:23 - 2013-06-28 14:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe 2013-06-28 10:08 - 2012-12-26 16:42 - 00000000 ___DC C:\Users\Rolf\AppData\Local\PhoenixViewer 2013-06-28 05:14 - 2013-06-28 05:14 - 00263592 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-28 05:14 - 2013-06-28 05:14 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-28 05:14 - 2012-06-20 11:12 - 00867240 ____C (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-28 05:14 - 2010-07-07 08:34 - 00789416 ____C (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-28 01:00 - 2012-07-05 13:47 - 00000000 ___DC C:\Program Files\WinRAR ==================== Known DLLs (Whitelisted) 
================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-07-24 04:56:35
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3893.49 MB
Available physical RAM: 3217.26 MB
Total Pagefile: 3891.64 MB
Available Pagefile: 3221.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:546.25 GB) (Free:273.72 GB) NTFS (Disk=0 Partition=2)
Drive e: (Recover) (Fixed) (Total:48.83 GB) (Free:7.32 GB) NTFS (Disk=0 Partition=3)
Drive i: (KILLER) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 8810FE2B)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-07-23 20:37
==================== End Of Log ============================
--- --- --- --- --- ---
fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by Rolf at 2013-07-28 10:04:03 Run:1
Running from C:\Users\Rolf\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\00000008.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\000000cb.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000000.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000032.@" => File/Directory not found.
"C:\Windows\Installer\{f83a451a-099f-921b-9482-2c39ad2569aa}\U\80000064.@" => File/Directory not found.
"C:\Windows\assembly\GAC_64\Desktop.ini" => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
==== End of Fixlog ====
Kaspersky had already deleted the files yesterday, but the system still fails. Safe mode now starts again Oo without chkdsk showing up; still, the computer does not start in normal mode. So, done everything so far ^^ created the log and posted it ^^ |
28.07.2013, 16:34 | #9 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
BootExecute: autocheck autochk /r \??\C:autocheck autochk /p \??\G:autocheck autochk *
S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-27] ()
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Try again, and please also run Startup Repair.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.07.2013, 07:09 | #10 |
| Problem starting FRST in the Windows repair option: for about an hour it has been saying it is configuring the USB stick in order to run FRST, looking for data on it; it got stuck and does nothing any more. It fixed itself, rofl, after an hour it carried on by itself ^^ fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by SYSTEM at 2013-07-28 18:39:45 Run:1
Running from I:\
Boot Mode: Recovery
==============================================
HKLM\System\ControlSet00\Control\Session Manager\\BootExecute => Error setting value.
MpsSvc => Service not found.
==== End of Fixlog ====
which is not saved anywhere -.-* Now waiting for the next instruction, grin. System still blocked, still crashes after running the startup repair 6 times. Last edited by saufbiene (28.07.2013 at 17:36) |
29.07.2013, 08:46 | #11 |
/// the machine /// TB-Ausbilder | Strange, please post a fresh log from the Recovery.
__________________ Regards, schrauber |
29.07.2013, 09:47 | #12 |
| This is what it found as a crash dump file; I don't know if it is of any use to you. I zipped it because there was no other way to make it visible -.- |
29.07.2013, 11:03 | #13 |
/// the machine /// TB-Ausbilder | And a fresh log from FRST, please.
__________________ Regards, schrauber |
29.07.2013, 12:11 | #14 |
| The log comes from FRST. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013 Ran by Rolf (administrator) on 29-07-2013 12:03:45 Running from C:\Users\Rolf\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup [x] HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-05] () HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Rolf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKCU\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-01-02] (coolspot AG, Düsseldorf) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) 
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink) HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Rolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk /p \??\G:autocheck autochk * ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {CCD070F4-F55B-4DAD-AB73-CB473677714E} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3CD1F7EC-0802-45A4-AFC1-73A4D005F5B9}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{75BC5AA5-7F30-41CC-B2FA-80D600FCEF44}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{83AAB742-4324-4A41-B1E3-9AC77F1D09A4}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B571EA15-83F6-456F-A557-A15763023944}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: torntv - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\unwm0rcp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Turn Off the Lights) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.12_0
CHR Extension: (convert2mp3.net Online Video Converter) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhklmhadmpdfcgimodhdapodbllnjjll\1.7_0
CHR Extension: (YouTube) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Cake Mania Main Street) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohogdkongdgejlnndnnhamjgfnbfoon\0.1_0
CHR Extension: (Fruit Ninja HD) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceieijcdaiaaflfpnfbeclgnfbhglkde\1.0.0_0
CHR Extension: (Comics and Manga online) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmidfbpiiicmkfimcbcoagpmchgmkpl\1.4.3_0
CHR Extension: (Monster Dash) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0
CHR Extension: (Content Blocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_1
CHR Extension: (Cake Mania) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckjnbilaljpiclmpmnomoapakjmoapj\0.1_0
CHR Extension: (SparkChess 6) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.1.0.1_0
CHR Extension: (Sand 2) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (YouTube Unblocker) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0
CHR Extension: (Anti-Banner) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR Extension: (LoL Guides) - C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcpejbpddihleognngdlmbnpgoaolgl\2.2.6.3_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Rolf\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-28] ()
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-28] (Kaspersky Lab ZAO)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1752488 2013-07-29] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-29] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-03-02] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
S2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-07-29] ()
S2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-07-29] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-02-28] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-02-28] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]

========================== Drivers MD5 =======================
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SynTP.sys 064A2530A4A7C7CEC1BE6A1945645BE4 C:\Windows\System32\DRIVERS\tap0901.sys 4EF44915E522F3ECD1A3FF540AA64126 C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TrdCap64.sys 023317B4CB35E1E87FC12D43B7BA4864 C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys DCC94C51D27C7EC0DADECA8F64C94FCF C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240 C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24 C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50 C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29 C:\Windows\System32\DRIVERS\vcsvad.sys 3A4B01C2BDB07DFEF29B0B369487503A C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit 
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\Drivers\x10hid.sys BAA813A76F5DB6CC3C2CEAB7D82B6972 C:\Windows\System32\Drivers\x10ufx2.sys A4B2A8751A8F96134BE6063B8A759116 C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-29 12:02 - 2013-07-29 12:02 - 01780547 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64.exe 2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert.exe 2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert (1).exe 2013-07-29 09:31 - 2013-07-29 09:31 - 00533424 ____C (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-07-29 09:31 - 2013-07-29 09:31 - 00488104 ____C (SurfRight) C:\Windows\system32\hmpalert.dll 2013-07-29 09:31 - 2013-07-29 09:31 - 00017416 ____C C:\Windows\system32\Drivers\hmpalert.sys 2013-07-29 09:31 - 2013-07-29 09:31 - 00000000 ___DC C:\Program Files (x86)\HitmanPro.Alert 2013-07-29 09:15 - 2013-07-29 09:19 - 318189568 ____C C:\Users\Rolf\Downloads\kav_rescue_10.iso 2013-07-29 09:09 - 2013-07-29 09:14 - 411041792 ____C C:\Users\Rolf\Downloads\DE-Cleaner-RettungsCDv3.iso 2013-07-28 09:58 - 2013-07-28 19:15 - 00002934 ____C C:\Windows\PFRO.log 2013-07-28 02:38 - 2013-07-28 02:39 - 07876512 ____C (Adobe Systems Inc.) 
C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe 2013-07-28 01:55 - 2013-07-28 03:52 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-28 01:48 - 2013-07-28 01:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe 2013-07-28 01:41 - 2013-07-28 01:54 - 00000000 ___DC C:\ProgramData\ParetoLogic 2013-07-28 01:41 - 2013-07-28 01:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure 2013-07-28 01:39 - 2013-07-28 01:40 - 05799944 ____C (ParetoLogic, Inc.) C:\Users\Rolf\Downloads\RegCureProSetup_RW.exe 2013-07-28 01:39 - 2013-07-28 01:39 - 00001205 ____C C:\Users\Rolf\Downloads\FixNCR.reg 2013-07-28 01:29 - 2013-07-28 01:29 - 01440846 ____C C:\Users\Rolf\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-07-28 01:26 - 2013-07-28 01:26 - 13399154 ____C C:\Users\Rolf\Downloads\mbar-1.06.0.1004.zip 2013-07-28 01:24 - 2013-07-28 01:24 - 00204496 ____C (Malwarebytes) C:\Users\Rolf\Downloads\StartUpLite.exe 2013-07-27 20:49 - 2013-07-27 23:51 - 00000000 ___DC C:\ProgramData\HitmanPro 2013-07-27 20:49 - 2013-07-27 20:49 - 00000000 ___DC C:\Program Files\HitmanPro 2013-07-27 19:23 - 2013-07-27 19:23 - 00048384 ____C C:\Users\Rolf\Desktop\Addition.txt 2013-07-27 19:17 - 2013-07-28 10:04 - 00000000 ___DC C:\FRST 2013-07-27 17:43 - 2013-07-27 17:43 - 00002136 ____C C:\Users\Rolf\Downloads\Ashampoo_Burning_Studio_Elements_10.0.9__Setup_+_Keygen.torrent 2013-07-27 17:41 - 2013-07-27 17:41 - 00002182 ____C C:\Users\Rolf\Downloads\[torrent.cd].Ashampoo_Burning_Studio_Elements_10.0.9_Setup_+_Keygen.torrent 2013-07-27 17:00 - 2013-07-27 23:51 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Abelssoft 2013-07-27 17:00 - 2013-07-27 23:51 - 00000000 ___DC C:\Program Files (x86)\MyKeyFinder 2013-07-24 23:52 - 2013-07-24 23:53 - 01392906 ____C C:\Users\Rolf\Downloads\licensecrawler130.zip 2013-07-24 23:52 - 2013-07-24 23:52 - 00022220 ____C C:\Users\Rolf\Downloads\language_pack.zip 2013-07-24 18:40 - 2013-07-27 
23:51 - 00000000 ___DC C:\Program Files (x86)\AC3 Player 2013-07-24 18:40 - 2013-07-24 18:40 - 00000000 ____C C:\END 2013-07-24 17:12 - 2013-07-24 17:12 - 00291890 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3.zip 2013-07-24 17:11 - 2013-07-24 17:11 - 00287669 ____C C:\Users\Rolf\Downloads\CraftGuide-1.6.7.3-modloader.zip 2013-07-24 17:03 - 2013-07-24 17:03 - 00073973 ____C C:\Users\Rolf\Downloads\Railcraft_API_1.5.2-7.3.0.0.zip 2013-07-24 17:02 - 2013-07-24 17:03 - 02513074 ____C C:\Users\Rolf\Downloads\Railcraft_1.5.2-7.3.0.0.jar 2013-07-24 16:58 - 2013-07-24 16:58 - 00025282 ____C C:\Users\Rolf\Downloads\Elemental-Arrows-Mod-1.5.2.zip 2013-07-24 14:56 - 2013-07-24 14:56 - 00001157 ____C C:\DelFix.txt 2013-07-24 14:56 - 2013-07-24 14:56 - 00000000 ___DC C:\Windows\ERUNT 2013-07-24 14:41 - 2013-07-24 14:41 - 21703480 ____C (Mozilla) C:\Users\Rolf\Downloads\Firefox Setup 22.0.exe 2013-07-24 14:08 - 2013-07-24 14:08 - 12931078 ____C C:\Users\Rolf\Downloads\SCFanpackage.zip 2013-07-24 04:21 - 2013-07-24 04:21 - 00001379 ____C C:\Users\Rolf\Desktop\aestool - Verknüpfung.lnk 2013-07-23 23:13 - 2013-07-24 14:54 - 00000000 ___DC C:\Windows\erdnt 2013-07-23 22:52 - 2013-07-23 22:52 - 00246561 ____C C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board.htm 2013-07-23 22:52 - 2013-07-23 22:52 - 00000000 ___DC C:\Users\Rolf\Downloads\superfish adware mit blockierung des antiviren programs - Trojaner-Board_files 2013-07-23 19:30 - 2013-07-23 19:30 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\LavasoftStatistics 2013-07-23 19:18 - 2013-07-23 19:18 - 00000000 ___DC C:\ProgramData\Downloaded Installations 2013-07-23 19:17 - 2013-07-23 19:17 - 00000000 ___DC C:\Program Files (x86)\Toolbar Cleaner 2013-07-23 19:14 - 2013-07-23 19:14 - 05616264 ____C (Lavasoft Limited) C:\Users\Rolf\Downloads\Adaware53_Installer.exe 2013-07-23 19:14 - 2013-07-23 19:14 - 00014456 ____C (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-23 
17:47 - 2013-07-23 17:47 - 07937056 ____C C:\Users\Rolf\Downloads\Nightcore - Dynamite.mp4 2013-07-23 17:46 - 2013-07-23 17:46 - 06018938 ____C C:\Users\Rolf\Downloads\Nightcore - Chipz In Black.mp4 2013-07-23 16:36 - 2013-07-23 16:36 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer.exe 2013-07-22 14:52 - 2013-07-22 14:52 - 00000000 ___DC C:\Users\Rolf\Documents\My Games 2013-07-21 12:21 - 2013-07-21 12:26 - 321314481 ____C C:\Users\Rolf\Downloads\Winx Club Staffel 5 Folge 1 Die Ölkatastrophe HD Ganze Folge Deutsch _ German.mp4 2013-07-20 20:13 - 2013-07-20 20:18 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy 2013-07-20 20:13 - 2013-07-20 20:13 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-07-20 18:16 - 2013-07-20 18:34 - 417923699 ____C C:\Users\Rolf\Downloads\OM M.rar 2013-07-20 17:49 - 2013-07-20 17:49 - 00659797 ____C C:\Users\Rolf\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-07-20 17:49 - 2013-07-20 17:49 - 00108176 ____C C:\Users\Rolf\Downloads\Metroid 2 - Return of Samus.zip 2013-07-20 17:43 - 2013-07-20 17:48 - 296225020 ____C C:\Users\Rolf\Downloads\Metroid Prime 3 - Trilogy Remaster.zip 2013-07-20 17:24 - 2013-07-20 17:25 - 36271144 ____C (Safer-Networking Ltd. 
) C:\Users\Rolf\Downloads\spybot-2.1.exe 2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\StarApp 2013-07-20 16:00 - 2013-07-20 16:00 - 00000000 ___DC C:\ProgramData\InstallMate 2013-07-20 15:33 - 2013-07-28 01:27 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-20 15:33 - 2013-07-20 15:33 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-20 15:33 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-20 15:23 - 2013-07-20 15:23 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Rolf\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-20 02:51 - 2013-07-20 02:51 - 17355680 ____C C:\Users\Rolf\Downloads\Crazy Frog - Popcorn.mp4 2013-07-20 02:45 - 2013-07-20 02:45 - 09920468 ____C C:\Users\Rolf\Downloads\CRAZY FROG - Daddy DJ (Clip Officiel).mp4 2013-07-20 02:41 - 2013-07-20 02:41 - 11178752 ____C C:\Users\Rolf\Downloads\Crazy Frog - We Are The Champions.mp4 2013-07-19 23:19 - 2013-07-19 23:19 - 01492584 ____C (Skype Technologies S.A.) 
C:\Users\Rolf\Downloads\SkypeSetup.exe 2013-07-19 22:34 - 2013-07-19 22:34 - 04179944 ____C (TeamViewer) C:\Users\Rolf\Downloads\TeamViewerQS_de.exe 2013-07-19 19:04 - 2013-07-19 19:05 - 00000000 ___DC C:\Users\Rolf\Downloads\93655 2013-07-19 18:48 - 2013-07-19 18:48 - 00050433 ____C C:\Users\Rolf\Downloads\convert2mp3_video_converter_1.7.crx 2013-07-19 18:46 - 2013-07-19 18:47 - 16658002 ____C C:\Users\Rolf\Downloads\CH!PZ - 1001 Arabian Nights (HQ) OFFICIAL VIDEO FULL HD.mp4 2013-07-19 18:17 - 2013-07-19 18:57 - 123504950 ____C C:\Users\Rolf\Downloads\BSS0H5eVmj9SFYaw-avXtf0rlxafo5XO6bA85w3nUtU.rar 2013-07-19 12:44 - 2013-07-19 12:51 - 00000000 ___DC C:\Windows\system32\MRT 2013-07-18 22:40 - 2013-07-18 22:40 - 00000182 ____C C:\Users\Rolf\Downloads\stream.asx 2013-07-18 03:02 - 2013-07-18 03:01 - 00927399 ____C C:\Users\Rolf\Downloads\CryptMaster.exe 2013-07-18 02:48 - 2013-07-18 02:48 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Unity 2013-07-18 02:08 - 2013-07-18 02:08 - 00000973 ____C C:\Users\Public\Desktop\Anti-Twin.lnk 2013-07-18 02:08 - 2013-07-18 02:08 - 00000000 ___DC C:\Program Files (x86)\AntiTwin 2013-07-18 02:07 - 2013-07-18 02:07 - 00643592 ____C (Unity Technologies ApS) C:\Users\Rolf\Downloads\UnityWebPlayer.exe 2013-07-18 02:07 - 2013-07-18 02:07 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Unity 2013-07-17 15:50 - 2013-07-17 15:50 - 00816474 ____C C:\Users\Rolf\Downloads\AntiTwin_19Beta_Setup.exe 2013-07-16 20:18 - 2013-07-16 20:19 - 01327680 ____C C:\Users\Rolf\Downloads\CryptMaster-Downloader.exe 2013-07-16 18:04 - 2013-07-16 18:04 - 00085204 ____C C:\Users\Rolf\Documents\AdwCleaner[S1] gelöschte adwares.txt 2013-07-16 17:48 - 2013-07-16 17:49 - 00000098 ____C C:\Windows\DeleteOnReboot.bat 2013-07-16 16:03 - 2013-07-16 16:03 - 00018702 ____C C:\Users\Rolf\Downloads\044.crx 2013-07-16 14:14 - 2013-07-16 14:15 - 00000000 ___DC C:\Users\Rolf\Desktop\Bilder 2013-07-15 12:56 - 2013-07-15 12:56 - 00035058 ____C 
C:\Users\Rolf\Downloads\[FileCopter]turbomodelthingy.zip 2013-07-14 22:35 - 2013-07-14 22:40 - 111769046 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.zip 2013-07-14 22:35 - 2013-07-14 22:35 - 00967536 ____C C:\Users\Rolf\Downloads\AetherII_Alpha_v1.0.2_MC1.5.1.exe 2013-07-14 20:10 - 2013-07-14 20:13 - 03375803 ____C C:\Users\Rolf\Downloads\Industrial-Craft-2-Mod-1.5.2.jar 2013-07-14 19:47 - 2013-07-14 19:47 - 01153651 ____C C:\Users\Rolf\Downloads\Buildcraft Mod 1.5.2.jar 2013-07-14 19:45 - 2013-07-14 19:45 - 00008007 ____C C:\Users\Rolf\Downloads\Atomic-Science-API-1.5.2.zip 2013-07-14 17:24 - 2013-07-14 17:24 - 00967536 ____C C:\Users\Rolf\Downloads\der letzte sommer.exe 2013-07-13 15:12 - 2013-07-27 23:51 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\.minecraft 2013-07-13 03:17 - 2013-07-13 03:17 - 00000000 ___DC C:\My Games 2013-07-13 03:14 - 2013-07-13 03:14 - 00003006 ____C C:\Windows\System32\Tasks\{3A8EBCFF-7198-49CF-986E-A789C64F20A8} 2013-07-13 00:04 - 2013-07-13 00:04 - 00000000 ___DC C:\ProgramData\Sandlot Games 2013-07-13 00:01 - 2013-07-13 00:01 - 00000000 ___DC C:\Program Files (x86)\Cake Mania 2 2013-07-12 23:58 - 2013-07-12 23:58 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Big Fish 2013-07-12 23:57 - 2013-07-12 23:57 - 00000000 ___DC C:\Boonty 2013-07-12 18:58 - 2013-07-12 18:58 - 00001004 ____C C:\Users\Rolf\Desktop\tatoos - Verknüpfung.lnk 2013-07-11 00:49 - 2013-07-11 00:50 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02877440 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 00:49 - 2013-07-11 00:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 00:49 - 2013-07-11 00:50 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 00:49 - 2013-07-11 00:50 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 00:49 - 2013-07-11 00:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 00:49 - 2013-07-11 00:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 00:49 - 2013-07-11 00:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 00:23 - 2013-07-11 00:50 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 00:23 - 2013-07-11 00:50 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 00:23 - 2013-07-11 00:50 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 00:23 - 2013-07-11 00:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 00:23 - 2013-07-11 00:38 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 00:22 - 2013-07-11 00:31 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 00:22 - 2013-07-11 00:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 17:58 - 2013-07-10 17:59 - 00000078 ____C C:\Users\Rolf\Desktop\bankdaten für bud spencer film.txt 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\IsolatedStorage 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\Users\Rolf\AppData\Local\_ 2013-07-10 15:54 - 2013-07-10 15:54 - 00000000 ___DC C:\ProgramData\IsolatedStorage 2013-07-10 15:53 - 2013-07-10 15:53 - 00000000 ___DC 
C:\Program Files\FileViewPro 2013-07-10 14:41 - 2013-07-11 00:31 - 00000000 ___DC C:\Program Files (x86)\AudioKonvertor 2013-07-10 14:40 - 2013-07-10 14:39 - 14178136 ____C C:\Users\Rolf\Downloads\install_audiokonvertor.exe 2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ___DC C:\Program Files (x86)\DVDVideoSoft 2013-07-10 00:27 - 2013-07-10 00:27 - 01211048 ____C (DVDVideoSoft Ltd. ) C:\Users\Rolf\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\Documents\CrypTool 2 Projects 2013-07-08 21:44 - 2013-07-08 21:44 - 00000000 ___DC C:\Users\Rolf\AppData\Local\Distributed_Systems_Group 2013-07-08 21:42 - 2013-07-08 21:43 - 00000000 ___DC C:\Users\Rolf\Documents\.jcryptool 2013-07-08 21:41 - 2013-07-08 21:42 - 00000000 ___DC C:\Program Files (x86)\JCrypTool 2013-07-08 21:40 - 2013-07-08 21:40 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrypTool2 2013-07-08 21:39 - 2013-07-08 21:39 - 00000000 ___DC C:\Program Files (x86)\CrypTool 2 2013-07-05 12:32 - 2013-07-05 12:32 - 00012641 ____C C:\Users\Rolf\Downloads\YoutubeAutoHD.oex 2013-07-05 12:27 - 2013-07-05 12:27 - 00001701 ____C C:\Users\Rolf\Desktop\preisliste schulbücher.txt 2013-07-04 20:44 - 2013-07-06 15:41 - 00000049 ____C C:\Windows\NeroDigital.ini 2013-07-03 18:33 - 2013-07-03 18:33 - 00000835 ____C C:\Users\Public\Desktop\VLC media player.lnk 2013-07-03 18:25 - 2013-07-03 18:27 - 00000000 ___DC C:\Users\Rolf\Downloads\Koenigin.der.Verdammten.German.2002.AC3.DVDRiP.XViD.iNTERNAL-CiA 2013-07-02 13:32 - 2013-07-02 13:32 - 00739856 ____C (Google Inc.) 
C:\Users\Rolf\Downloads\chrome_installer_27.0.1453.116.exe 2013-07-02 13:31 - 2013-07-02 13:31 - 00219614 ____C C:\Users\Rolf\Documents\bookmarks_02.07.13.html 2013-06-30 13:11 - 2013-07-06 15:37 - 00000033 ____C C:\Users\Rolf\Desktop\BARsaufbienes Radio.m3u 2013-06-30 12:10 - 2013-06-30 12:15 - 00000000 ___DC C:\ProgramData\BlueStacksSetup 2013-06-29 00:31 - 2013-07-16 16:51 - 00000572 ____C C:\Users\Rolf\AppData\Roaming\AutoGK.ini 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\XviD 2013-06-29 00:27 - 2013-06-29 00:27 - 00000000 ___DC C:\Program Files (x86)\AviSynth 2.5 2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub 2013-06-29 00:25 - 2013-06-29 00:25 - 00000000 ___DC C:\Program Files (x86)\Gabest 2013-06-29 00:23 - 2013-06-29 00:23 - 12341641 ____C C:\Users\Rolf\Downloads\AutoGordianKnot.2.55.Setup.exe ==================== One Month Modified Files and Folders ======= 2013-07-29 12:02 - 2013-07-29 12:02 - 01780547 ____C (Farbar) C:\Users\Rolf\Desktop\FRST64.exe 2013-07-29 12:02 - 2012-07-22 16:21 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2013-07-29 11:28 - 2012-07-06 15:53 - 00000000 __RDC C:\Users\Rolf\Dropbox 2013-07-29 10:41 - 2012-07-02 19:38 - 00000000 ___DC C:\Users\Rolf\AppData\Local\CrashDumps 2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) C:\Users\Rolf\Downloads\hmpalert.exe 2013-07-29 09:31 - 2013-07-29 09:31 - 01752488 ____C (SurfRight B.V.) 
C:\Users\Rolf\Downloads\hmpalert (1).exe 2013-07-29 09:31 - 2013-07-29 09:31 - 00533424 ____C (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-07-29 09:31 - 2013-07-29 09:31 - 00488104 ____C (SurfRight) C:\Windows\system32\hmpalert.dll 2013-07-29 09:31 - 2013-07-29 09:31 - 00017416 ____C C:\Windows\system32\Drivers\hmpalert.sys 2013-07-29 09:31 - 2013-07-29 09:31 - 00000000 ___DC C:\Program Files (x86)\HitmanPro.Alert 2013-07-29 09:19 - 2013-07-29 09:15 - 318189568 ____C C:\Users\Rolf\Downloads\kav_rescue_10.iso 2013-07-29 09:14 - 2013-07-29 09:09 - 411041792 ____C C:\Users\Rolf\Downloads\DE-Cleaner-RettungsCDv3.iso 2013-07-29 08:04 - 2013-06-10 13:43 - 00000000 ____C C:\Windows\system32\Ikeext.etl 2013-07-28 19:15 - 2013-07-28 09:58 - 00002934 ____C C:\Windows\PFRO.log 2013-07-28 17:35 - 2012-03-05 21:07 - 00000000 __RDC C:\Users\Rolf\Desktop\Dj Musik 2013-07-28 10:04 - 2013-07-27 19:17 - 00000000 ___DC C:\FRST 2013-07-28 10:04 - 2010-05-12 10:18 - 04665072 ____C C:\Windows\system32\perfh007.dat 2013-07-28 10:04 - 2010-05-12 10:18 - 01418588 ____C C:\Windows\system32\perfc007.dat 2013-07-28 10:04 - 2009-07-14 07:13 - 00006508 ____C C:\Windows\system32\PerfStringBackup.INI 2013-07-28 04:26 - 2011-01-23 15:15 - 01497146 ____C C:\Windows\WindowsUpdate.log 2013-07-28 03:52 - 2013-07-28 01:55 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-28 02:39 - 2013-07-28 02:38 - 07876512 ____C (Adobe Systems Inc.) C:\Users\Rolf\Downloads\Shockwave_Installer_Slim.exe 2013-07-28 02:39 - 2011-09-10 14:06 - 00000000 ___DC C:\Windows\SysWOW64\Adobe 2013-07-28 01:54 - 2013-07-28 01:41 - 00000000 ___DC C:\ProgramData\ParetoLogic 2013-07-28 01:48 - 2013-07-28 01:48 - 00726464 ____C (Enigma Software Group USA, LLC.) C:\Users\Rolf\Downloads\SpyHunter-Installer (1).exe 2013-07-28 01:41 - 2013-07-28 01:41 - 00000000 ___DC C:\Users\Rolf\AppData\Roaming\DriverCure 2013-07-28 01:40 - 2013-07-28 01:39 - 05799944 ____C (ParetoLogic, Inc.) 
==================== End Of Log ============================
--- --- --- It ran an extended scan and set the checkmarks itself, so don't be surprised. |
29.07.2013, 15:18 | #15 |
/// the machine /// TB Trainer | And it still doesn't boot normally?
__________________ Regards, schrauber |